forked from icing/mod_h2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
1070 lines (941 loc) · 52.4 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
* Adding an mpm check so that mod_http2 also compiles against Apache httpd trunk.
v1.11.3
--------------------------------------------------------------------------------
* Adding defensive code for stream EOS handling, in case the request handler somehow
missed to signal it the normal way. Should address #167 and #170.
v1.11.2
--------------------------------------------------------------------------------
* Fixed configure to no longer require ```libcurl-devel```, but only the ```curl```
command with h2 support for testing.
v1.11.1
--------------------------------------------------------------------------------
* added test/Makefile.in to the release tar ball, so that peopl just need
automake to build (reported in #169 by @uhliarik, fix proposed by @notroj)
* added -avoid-version to the linker flags (thanks to Oden Erikson, @odeneriksson)
* added tests for 100 interim responses
* added tests for trailers
* added tests for conditional request header
* added tests for invalid characters in response header
* added Upgrade: response header tests
* added vars require configuration tests
* added ssl renegotiation tests
v1.11.0
--------------------------------------------------------------------------------
* connection IO event handling reworked. Instead of reacting on incoming bytes, the
state machine now acts on incoming frames that are affecting it. This reduces
state transitions.
* pytest suite now covers some basic tests on h2 selection, GET and POST
* started to add pytest suite from existing bash tests
v1.10.21
--------------------------------------------------------------------------------
* Code cleanups from Apache subversion
* New optional function to query the number of h2 workers from Apache branch
v1.10.20
--------------------------------------------------------------------------------
* Restore keepalive handling of v1.10.16. Idle connections are kept open
for the duration.
v1.10.19
--------------------------------------------------------------------------------
* adding regular memory cleanup when transferring large response bodies. This
reduces memory footprint and avoids memory exhaustion when transferring large files
on 32-bit architectures.
v1.10.18
--------------------------------------------------------------------------------
* fixes a race condition where aborting streams triggers an unnecessary timeout.
v1.10.17
--------------------------------------------------------------------------------
* accurate reporting of h2 data input/output per request via mod_logio. Fixes
an issue where output sizes where counted n-times on reused slave connections. See #158.
* normalized connection prefix logging when trace2 is enabled for direct h2 connection
detection.
v1.10.16
--------------------------------------------------------------------------------
* Removed no longer used code in stream cleanup, disabled beam events
during pool shutdown, discouraged content-encoding filter from applying
themselves to http2_status responses.
v1.10.15
--------------------------------------------------------------------------------
* discourage gzip/brotli content encoding on http2-status responses as
they are inserted into the reponse when filters are already done.
v1.10.14
--------------------------------------------------------------------------------
* fixed unfair scheduling when number of active connections
exceeded the scheduling fifo capacity.
v1.10.13
--------------------------------------------------------------------------------
* avoid unnecessary data retrieval for a trace log. Allow certain
information retrievals on null bucket beams where it makes sense.
* Fixed configure to check first for libs and then add compiler flags
v1.10.12
--------------------------------------------------------------------------------
* Reverting 1.10.11 change since showed no effect on issue #120
* Fixes a race condition on request body handling.
v1.10.11
--------------------------------------------------------------------------------
* DoS flow control protection is less agressive as long as active tasks stay
below worker capacity. Intended to fix problems with media streaming.
v1.10.10
--------------------------------------------------------------------------------
* adding signalling of data available before waiting on beam buffer to drain. Missing this causes suspended streams to stall and time out.
v1.10.9
--------------------------------------------------------------------------------
* cleanup of bucket beam change signaling to track down issue #143
v1.10.8
--------------------------------------------------------------------------------
* a stream could stall and not send any more output to the client which in the end aborts the connection due to a timeout.
v1.10.7
--------------------------------------------------------------------------------
* disable and give warning when mpm_prefork is encountered. The server will
continue to work, but HTTP/2 will no longer be negotiated.
* improved implementation of ready queue.
v1.10.6
--------------------------------------------------------------------------------
* Fix for possible CPU busy loop introduced in v1.10.3 where a stream may keep
the session in continuous check for state changes that never happen.
v1.10.5
--------------------------------------------------------------------------------
* fail requests without ERROR log in case we need to read interim
responses and see only garbage. This can happen if proxied servers send
data where none should be, e.g. a body for a HEAD request.
v1.10.4
--------------------------------------------------------------------------------
* mod_proxy_http2: adding support for Reverse Proxy Request headers.
v1.10.3
--------------------------------------------------------------------------------
* fixed possible deadlock that could occur when connections were
terminated early with ongoing streams. Fixed possible hanger with timeout
on race when connection considers itself idle.
v1.10.2
--------------------------------------------------------------------------------
* MaxKeepAliveRequests now limits the number of times a
slave connection gets reused.
* Client streams that lack the EOF flag get now forcefully
closed with a RST_STREAM (NO_ERROR) when the request has been answered.
* Only when 'HttpProtocolOptions Unsafe' is configured, will
control characters in response headers or trailers be forwarded to the
client. Otherwise, in the default configuration, a request will eiher
fail with status 500 or the stream will be reset by a RST_STREAM frame.
v1.10.1
--------------------------------------------------------------------------------
* Fixed bug in re-attempting proxy requests after connection error.
Reliability of reconnect handling improved.
* Fixed two rare deadlocks with new non-nested mutex use.
* No longer mapping Link: header urls in proxy requests when preserve host
is set.
v1.10.0
--------------------------------------------------------------------------------
* better performance, eliminated need for nested locks and
thread privates. Moving request setups from the main connection to the
worker threads. Increase number of spare connections kept.
* input buffering and dynamic flow windows for increased
throughput. Requires nghttp2 >= v1.5.0 features. Announced at startup
in mod_http2 INFO log as feature 'DWINS'.
* h2 workers with improved scalability for better scheduling
performance. There are H2MaxWorkers threads created at start and the
number is kept constant for now.
* obsoleted option H2SessionExtraFiles, will be ignored and
just log a warning.
* fixed PR60869 by making h2 workers exit explicitly waking up
all threads to exit in a defined way.
v1.9.3
--------------------------------------------------------------------------------
* moving session cleanup to pre_close hook to avoid races with
modules already shut down and slave connections still operating.
* stream timeouts now change to vhost values once the request
is parsed and processing starts. Initial values are taken from base
server or SNI host as before. [Stefan Eissing]
* fixed retry behaviour for http2 proxy connections when frontend
connection uses http/1.1.
* separate mutex instances for each bucket beam, resulting in
less lock contention. input beams only created when necessary.
v1.9.2
--------------------------------------------------------------------------------
* mod_http2: adding allocator mutex to session pool due to reports of rare
crashes.
v1.9.1
--------------------------------------------------------------------------------
* mod_proxy_http2: support for ProxyPreserveHost directive
v1.9.0
--------------------------------------------------------------------------------
* not counting file buckets again stream max buffer limits.
Effectively transfering static files in one step from slave to master
connection.
* mod_http2: comforting ap_check_pipeline() on slave connections
to facilitate reuse (see https://github.com/icing/mod_h2/issues/128).
[reported by Armin Abfalterer]
* mod_http2: http/2 streams now with state handling/transitions as defined
in RFC7540. Stream cleanup/connection shutdown reworked to become easier
to understand/maintain/debug. Added many asserts on state and cleanup
transitions.
v1.8.11
--------------------------------------------------------------------------------
* regression fix on bugzilla PR 59348, on graceful restart, ongoing
streams are finished normally before the final GOAWAY is sent.
* do not attempt to generated a response on an already aborted slave connection
* fix potential double cleanup of bucket beam memory
v1.8.10
--------------------------------------------------------------------------------
* fixes bugzilla PR60599, sending proper response for conditional requests
answered by mod_cache. (orignal patch by Jeff Wheelhouse)
v1.8.9
--------------------------------------------------------------------------------
* rework of stream resource cleanup to avoid a crash in a close
of a lingering connection. Prohibit special file bucket beaming for
shared buckets. Files sent in stream output now use the stream pool
as read buffer, reducing memory footprint of connections.
(much help from Yann Ylavic)
v1.8.8
--------------------------------------------------------------------------------
* streaming of request output now reacts timely to data
from other streams becoming available. Same for new incoming requests.
v1.8.7
--------------------------------------------------------------------------------
* fix for possible page fault when stream is resumed during session shutdown.
(Patch by sidney-j-r-m, github)
* fix for h2 session ignoring new responses while already
open streams continue to have data available.
v1.8.6
--------------------------------------------------------------------------------
* adding support for MergeTrailers directive.
* limiting DATA frame sizes by TLS record sizes in use on the
connection. Flushing outgoing frames earlier.
v1.8.5
--------------------------------------------------------------------------------
* Removed debug log statements left over in 1.8.4 release.
v1.8.4
--------------------------------------------------------------------------------
* Cleanup beamer registry on server reload, Fixes Apache bugzilla PR60510.
Patch by Pavel Mateja <[email protected]>
* Fixes #126 e.g. beam bucket lifetime handling when data is sent
over temporary pools.
v1.8.3
--------------------------------------------------------------------------------
* CVE-2016-8740: Mitigate DoS memory exhaustion via endless
CONTINUATION frames. Reported by Naveen Tiwari <[email protected]> and
CDF/SEFCOM at Arizona State University
* Removing some warning when streams are cleaned up that were never scheduled
v1.8.2
--------------------------------------------------------------------------------
* new directive 'H2EarlyHints' to enable sending of HTTP status 103 interim
responses. Off by default since some browser still choke on them.
* mod_proxy_http2 will, when used on top of a HTTP/1.x connection, only
forward 100 responses from the backend if the client expects them. All
other responses in the 100 range are filtered.
v1.8.0
--------------------------------------------------------------------------------
* mod_http2: new directive 'H2PushResource' to enable early pushes before
processing of the main request starts. Resources are announced to the
client in Link headers on a 103 early hint response.
All responses with status code <400 are inspected for Link header and
trigger pushes accordingly. 304 still does prevent pushes.
'H2PushResource' can mark resources as 'critical' which gives them higher
priority than the main resource. This leads to preferred scheduling for
processing and, when content is available, will send it first. 'critical'
is also recognized on Link headers.
* mod_proxy_http2: uris in Link headers are now mapped back to a suitable
local url when available. Relative uris with an absolute path are mapped
as well. This makes reverse proxy mapping available for resources
announced in this header.
With 103 interim responses being forwarded to the main client connection,
this effectively allows early pushing of resources by a reverse proxied
backend server.
* mod_proxy_http2: adding support for 103 status code, as proposed by
Kazuho Oku.
v1.7.9
--------------------------------------------------------------------------------
* fixed a crash in stream shutdown introduced in 1.7.8
v1.7.8
--------------------------------------------------------------------------------
* unannounced and multiple interim responses (status code < 200)
are parsed and forwarded to client until a final response arrives.
* mod_proxy_http2: improved robustness when main connection is closed early
by resetting all ongoing streams against the backend.
* mod_http2: allocators from slave connections are released earlier, resulting
in less overall memory use on busy, long lived connections.
v1.7.6
--------------------------------------------------------------------------------
* fixed crash in beam memory handling introduced in 1.7.x changes
v1.7.5
--------------------------------------------------------------------------------
* properly implemented 100-continue handling for proxy setups, be it
mod_proxy_http or mod_proxy_http2
* reusing backend HTTP/2 connections more than a second old will hold back
request bodies until a PING response is received. Headers are still sent
right away since those are repeatable on a new connection.
v1.7.3
--------------------------------------------------------------------------------
* reverts some int -> apr_uint32_t changes made in 1.7.0 to address possible
crashes.
v1.7.2
--------------------------------------------------------------------------------
* fixes compilation error on 32 bit systems when generating slave connection id.
v1.7.1
--------------------------------------------------------------------------------
* fix for build issues on Windows platforms
v1.7.0
--------------------------------------------------------------------------------
* rewrite of how responses and trailers are transferred between master and
slave connections.
* Reduction of internal states for tasks and streams, reducing complexity
for increased stability.
* Heuristic id generation for slave connections to better keep promise of
connection ids unique at given point in time. This fixes problems with
mod_cgid in high load situtations.
* Fix for handling of incoming trailers when no request body is sent.
v1.6.2
--------------------------------------------------------------------------------
* fixes a race that led to output blocking (stream not finishing)
v1.6.1
--------------------------------------------------------------------------------
* if configured with nghttp2 1.14.0 and onward, invalid request
headers will immediately reset the stream with a PROTOCOL error. Feature
logged by module on startup as 'INVHD' in info message.
* fixed handling of stream buffers during shutdown.
v1.6.0
--------------------------------------------------------------------------------
* handling graceful shutdown gracefully, e.g. processing existing streams to the end.
* h2 status resource follows latest draft, see
http://www.ietf.org/id/draft-benfield-http2-debug-state-01.txt
Configure it as
<Location "/.well-known/h2/state">
SetHandler http2-status
</Location>
* support for 'Expect: 100-continue' handling
v1.5.13
--------------------------------------------------------------------------------
* new H2CopyFiles directive that changes treatment of file handles in
responses. Necessary in order to fix broken lifetime handling in modules
such as mod_wsgi. Use 'H2CopyFiles off' where ever you need it.
* removing timeouts on master connection while requests are being processed.
Requests may timeout, but the master only times out when no more requests
are active.
v1.5.12
--------------------------------------------------------------------------------
* fixed connection flushing when handling SETTINGS and no stream is open.
(thanks @summerwind)
* fix for request abort when connections drops, introduced in 1.5.8
* more rigid error handling in DATA frame assembly, leading
to deterministic connection errors if assembly fails.
v1.5.10
--------------------------------------------------------------------------------
* fixed bug in error handling when passing DATA frames.
v1.5.9
--------------------------------------------------------------------------------
* more strict error handling and logging in DATA frame assembly.
v1.5.8
--------------------------------------------------------------------------------
* mod_http2: improved cleanup of connection/streams/tasks to always
have deterministic order regardless of event initiating it. Addresses
reported crashes due to memory read after free issues.
v1.5.7
--------------------------------------------------------------------------------
* fixed read after free on certain conditions when clients abort connections
* fixed connection shutdown when stream tasks block on reads
v1.5.6
--------------------------------------------------------------------------------
* fixed possible null pointer reference in new bucket beams during read on an
aborted beam
* improved event handling on master connection (idle/submit/wait) to increase
performance
v1.5.5
--------------------------------------------------------------------------------
* Fix async write issue that sometimes led to selection of wrong timeout
vs. keepalive timeout selection for idle sessions.
* Checking LimitRequestLine, LimitRequestFields and
LimitRequestFieldSize configurated values for incoming streams. Returning
HTTP status 431 for too long/many headers fields and 414 for a too long
pseudo header.
* Tracking conn_rec->current_thread on slave connections, so
that mod_lua finds the correct one. Fixes PR 59542.
v1.5.3
--------------------------------------------------------------------------------
* slave connections have conn_rec->aborted flag set when a stream
has been reset by the client.
* Small fixes in bucket beams when forwarding file buckets. Output handling
on master connection uses less FLUSH and passes automatically when more
than half of H2StreamMaxMemSize bytes have accumulated.
Workaround for http: when forwarding partial file buckets to keep the
output filter from closing these too early.
* elimination of fixed master connectin buffer for TLS connections. New
scratch bucket handling optimized for TLS write sizes.
File bucket data read directly into scratch buffers, avoiding one
copy. Non-TLS connections continue to pass buckets unchanged to the core
filters to allow sendfile() usage.
* h2_request.c is no longer shared between these modules. This simplifies
building on platforms such as Windows, as module reference used in
logging is now clear.
v1.5.2
--------------------------------------------------------------------------------
* fixed connection shutdown deadlock on linux when client closed early
* beam shutdown does now wait on endpoint to finish using buckets in flight,
hopefully addressing crash issues completely
* Since 1.5.1 the internal HTTP/2 protocol is reported as "HTTP/2.0" for
better compatibility and since CGI's SERVER_PROTOCOL seems to require this
format
v1.5.1
--------------------------------------------------------------------------------
* fixed segmentation fault when connections where aborted by client in new
bucket beam code
* eliminated one more memory pool per stream
v1.5.0
--------------------------------------------------------------------------------
* mod_proxy_http2 for backend HTTP/2 connections, currently cleartext only
* new "bucket beam" technology to transport buckets across threads without
buffer copy.
* delaying response start until flush or enough body data has been accumulated.
* all fixed up to and including 1.4.7
v1.4.7
--------------------------------------------------------------------------------
* disabling file mmap handling as this leads to segmentation faults when files
are truncates while being streamed out.
* Some additional trace1 logging when connections give unexpected errors, e.g.
clients close connection without final GOAWAY frame.
v1.4.6 (as released in Apache httpd 2.4.20)
--------------------------------------------------------------------------------
* incrementing keepalives on each request started so that logging %k gives
increasing numbers per master http2 connection. New documented variables
in env, usable in custom log formats: H2_PUSH, H2_PUSHED, H2_PUSHED_ON,
H2_STREAM_ID and H2_STREAM_TAG.
* more efficient passing of response bodies with less contention
and file bucket forwarding.
* fix for missing score board updates on request count, fix for memory leak
on slave connection reuse.
* disabling PUSH when client sends GOAWAY. Slave connections are reused for
several requests, improved performance and better memory use.
* fixes problem with wrong lifetime of file buckets on main connection.
* fixes incorrect denial of requests without :authority header.
* give control to async mpm for keepalive timeouts only when no streams are
open and even if only after 1 sec delay. Under load, event mpm discards
connections otherwise too quickly.
* fixed possible read after free when streams were cancelled early by the
client.
* fixed possible deadlock during connection shutdown. Thanks to @FrankStolle
for reporting and getting the necessary data.
* fixed apr_uint64_t formatting in a log statement to user proper APR def,
thanks to @Sp1l.
* number of worker threads allowed to a connection is adjusting
dynamically. Starting with 4, the number is doubled when streams can be
served without block on http/2 connection flow. The number is halfed, when
the server has to wait on client flow control grants.
This can happen with a maximum frequency of 5 times per second.
When a connection occupies too many workers, repeatable requests
(GET/HEAD/OPTIONS) are cancelled and placed back in the queue. Should that
not suffice and a stream is busy longer than the server timeout, the
connection will be aborted with error code ENHANCE_YOUR_CALM.
This does *not* limit the number of streams a client may open, rather the
number of server threads a connection might use.
* allowing link header to specify multiple "rel" values, space-separated
inside a quoted string. Prohibiting push when Link parameter "nopush" is
present.
* reworked connection state handling. Idle connections accept a GOAWAY from
the client without further reply. Otherwise the module makes a best effort
to send one last GOAWAY to the client.
* the values from standard directives Timeout and KeepAliveTimeout properly
are applied to http/2 connections.
* idle connections are returned to async mpms. new hook "pre_close_connection"
used to send GOAWAY frame when not already done. Setting event mpm server
config "by hand" for the main connection to the correct negotiated server.
* keep-alive blocking reads are done with 1 second timeouts to check for MPM
stopping. Will announce early GOAWAY and finish processing open streams,
then close.
* bytes read/written on slave connections are reported via the optional
mod_logio functions. Fixes PR 58871.
* connections how keep a "push diary" where hashes of already pushed resources
are kept. See directive H2PushDiarySize for managing this. Push diaries can
be initialized by clients via the "Cache-Digest" request header.
This carries a base64url encoded. compressed Golomb set as described
in https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/
Introduced a status handler for HTTP/2 connections, giving various counters
and statistics about the current connection, plus its cache digest value
in a JSON record. Not a replacement for more HTTP/2 in the server status.
Configured as
<Location "/http2-status">
SetHandler http2-status
</Location>
* Fixed flushing of last GOAWAY frame. Previously, that frame did not always
reach the client, causing some to fail the next request.
Fixed calculation of last stream id accepted as described in rfc7540.
Reading in KEEPALIVE state now correctly shown in scoreboard.
Fixed possible race in connection shutdown after review by Ylavic.
Fixed segfault on connection shutdown, callback ran into a semi dismantled session.
* Added support for experimental accept-push-policy draft
(https://tools.ietf.org/html/draft-ruellan-http-accept-push-policy-00). Clients
may now influence server pushes by sending accept-push-policy headers.
* new r->subprocess_env variables HTTP2 and H2PUSH, set to "on"
when available for request.
* mod_status/scoreboard: showing connection protocol in new column, new
ap_update_child_status methods for updating server/description. mod_ssl
sets vhost negotiated by servername directly.
v1.2.8
--------------------------------------------------------------------------------
* Requests without ':authority' header, using 'Host' instead, are no longer
denied.
v1.2.7
--------------------------------------------------------------------------------
* Adding logio fix from apache trunk so that resource sizes are correcly
reported in access logs.
v1.2.6
--------------------------------------------------------------------------------
* Adding 'accept-encoding' to headers used in PUSHed resources - as sent by
the initiating request.
v1.2.5
--------------------------------------------------------------------------------
* fixes a deadlock that caused connections to get stuck in output, locking
up the connection and a server thread forever. Thanks to @FrankStolle for
reporting and getting the necessary data.
v1.2.4
--------------------------------------------------------------------------------
* removed all H2*Timeout directives. HTTP/2 uses not the same Timeout and
KeepAliveTimeout as HTTP/1.1.
* enforcing the Timeout value on read and write operations from the selected
virtual host (TLS+SNI). httpd was wrongly using the defaults set in the
base server config.
* add DEBUG logging to see if writing properly returns to catch a connection
hanger reported in #79
v1.2.3
--------------------------------------------------------------------------------
* connection timeout handling when requests do not report back
* setting correct server config for event mpm on main connection, so that
timeouts, keepalives use the correct values
* fixes event hack to match changes in structures
v1.2.2
--------------------------------------------------------------------------------
* removed unused code
v1.2.1
--------------------------------------------------------------------------------
* fixed compilation error because of stupid own log2n function
* fixed cache digest calculation to spit out same values as Kazuho Oku's
reference implementation (https://github.com/kazuho/h2-cache-digest).
v1.2.0
--------------------------------------------------------------------------------
* Each connection now has a push diary where already pushed resources are
recorded (as 64-bit subsets sha256 URL hashes). The maximum size of a diary
can be configured with the new directive 'H2PushDiarySize'. The default is 256.
* The module recognizes the request header 'Cache-Digest', carrying a base64url
encoded set of hash values using Golomb set encoding as described in
https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/
This is highly experimental and will most likely change in format and
interpretation as the draft evolves. For now, this value is used to replace
the current push diary. This allows clients to inform the server about
which resources they already have cached.
* module configuration now looks to the crypto library (because it wants SHA256
from it). If it is not found, a replacement hash is used, however this is
not interoperable with cache digests from clients, e.g. hits will be missed.
* the module has a new handler named "http2-status" which exposes certain
properties and statistics of the *current* HTTP/2 connection. It can be
configured just like:
<Location "/http2-status">
SetHandler http2-status
</Location>
The usual precautions about exposing some internals of your server to the
outside world apply. Just as for "server-status"."
* Due to more test cases and new functions, more bugs have been exposed,
examined and exterminated.
v1.1.0
--------------------------------------------------------------------------------
* GOAWAY will be sent when a HTTP/2 connection is shutdown, whenever the
connection still allows it. Calculation of the last stream id has been
corrected to include streams started, not only streams finished processing.
* several issues fixed with new fuzzing tests that simulate random closes
and delays/timeouts
* H2SessionExtraFiles are now shared between all sessions in the same process.
It now works like this:
H2MaxWorkers * H2SessionFiles is assumed to be the total number of file
handles that can be safely used for HTTP/2 transfers without other parts
of the server running out of handles. This number is shared between all
HTTP/2 connections in the same server process.
The default is set to 2. With H2MaxWorkers on most platforms/mpms
defaulting to 25 that gives a maximum of 50 handles that can be invoved in
transfers.
I think I have to write a blog post one day of how this works and affects
performance. tl;dr the more handles http2 may use, the faster static files
can be served.
* KeepAlive is not correctly visible on the server status page for HTTP/2
connections. (Would like more info there, need to extend the scoreboard
for it.)
* KeepAlive connections are *not* set aside in async MPMs such as event. This
is a very desirable feature, but I could not get it to work reliably with
the existing MPM interface. Will work on that for the next Apache release.
(The main problem is that event will silently close such connections and
http2 has no chance to send a last GOAWAY frame. That makes clients fail
requests which they have just started.)
v1.0.18
--------------------------------------------------------------------------------
* fixed race condition in connnection shutdown that could cause indefinite
hang, fixed cleanup of http2 worker threads, thanks to Yann Ylavic
v1.0.17
--------------------------------------------------------------------------------
* H2Timeout/H2KeepAliveTimeout now defaults to what ever is set for HTTP/1
connections via Timeout/KeepAliveTimeout
* fixes in calculating remaining timeout values
v1.0.16
--------------------------------------------------------------------------------
* simplified connection shutdown and worker join for robustness
* improved performance for small requests due to less locking
* http2 connections work in event with normal server KeepAliveTimeout setting
v1.0.15
--------------------------------------------------------------------------------
* fixed busy loops on random connection errors
* fixed connection state for event MPM that shutdown child with 'G' status
* changed default for H2KeepAliveTimeout. For async MPMs (event), will leave
keepalive handling to the MPM. For sync (worker, prefork), will default to
whatever is set for H2Timeout.
v1.0.14
--------------------------------------------------------------------------------
* fixed segfault on connection shutdown
* added support for accept-push-policy headers, see
https://tools.ietf.org/html/draft-ruellan-http-accept-push-policy-00
v1.0.13
--------------------------------------------------------------------------------
* reworked connection state handling. Improved scoreboard update (server-status).
Default on H2KeepAliveTimeout same as H2Timeout, 5 seconds. After that,
connections are closed.
On asynchronous MPMs (event), keep-alive connections no longer block threads,
but exact timeout handling is then up to the MPM. In these MPMs, having a
longer H2KeepAliveTimeout may be suitable.
* new CGI environment variables HTTP2 and H2PUSH. With former "on", the
connection uses HTTP/2. With latter "on", the request may trigger Server Push
via Link headers, as both server and clients support it.
v1.0.12
--------------------------------------------------------------------------------
* alpha release on top of Apache httpd 2.4.18
* removed sandbox from build, needs installed 2.4.18 + apxs
* new directives:
- H2Timeout timeout of a http/2 connection (seconds), default 5
- H2KeepAliveTimeout timeout of an idle http/2 connection (seconds), default 300
- H2StreamTimeout timeout on individual streams (seconds), default 120
you can set them to `0` in which case no timeout may apply. You may try that
for the stream timeouts if you have problems. This is the very experimental
part right now...
* improved handling of connection closes to make a better effort on freeing
worker threads still involved in streams.
* worker numbers are constant MaxThreadsPerChild by default
* fixed bug on handling large input without content length
v1.0.3
--------------------------------------------------------------------------------
* copy from https://svn.apache.org/repos/asf/httpd/httpd/trunk
* includes proposed backport patch for Apache httpd 2.4.17
* improved https:// throughput
* vastly improved http:// throughput
* several stability and logging improvements
* connection reuse: virtual hosts that have exactly the same TLS setup
(certificates, protocol, ciphers and all) allow using a single HTTP/2
connection.
* h2c: first HTTP/1.1 request on a connection will announce additionally
available and more preferred protocols in the ```Upgrade``` response
header.
* H2Direct is by default on for cleartext connections where h2c is an
allowed protocol. Or, the other way around, it is always disabled unless
h2/h2c is configured.
* TLS handshake is triggered earlier, allowing all connection hooks which
register behind mod_ssl to see negotiated values.
* new experimental directives ```H2TLSWarmUpSize``` and ```H2TLSCoolDownSecs```
that specify how TLS record sizes should used during the lifetime of a
connection.
* H2TLSWarmUpSize: amount of bytes to send in small (~1300 bytes) chunks,
so that packets fit inside a single MTU. After this many bytes have
been sent, data is written with max size of 16 KB when possible.
* H2TLSCoolDownSecs: number of idle seconds to pass before a warmed
up TLS connection falls back to small chunks again.
Set both to 0 to always write max chunks. Defaults are 1 MB and 1 second.
* HTTP/2 priorities are now respected when scheduling streams for handling.
This effects which queued task is handled first whenever a worker becomes
available.
* New directive ```H2ModernTLSOnly on|off``` that checks connections for
TLS protocol version and negotiated ciphers, so that HTTP/2 connections
only happen on ```modern``` TLS and none of the ciphers in the black
list from RFC 7540 are used.
* 'HTTP/2.0' is written in log files when requests are served via mod_http2.
* updated test cases from Apache tests
* configure now builds the sandbox by default, too many user problems
otherwise
v0.9.9 - 1.0.2
--------------------------------------------------------------------------------
never happened here, but at http://httpd.apache.org
v0.9.8
--------------------------------------------------------------------------------
* server protocol of requests served via mod_h2 is now `HTTP/2`
* directive `H2SerializeHeaders` had no effect any longer, fixed.
* requests served in `H2SerializeHeaders on` hosts, report `HTTP/1.1` as
protocol. This is the mode to enabled when having compatiblity issues.
v0.9.7
--------------------------------------------------------------------------------
* update of core-protocols.patch to v4
* "Protocols" default changed. servers/vhosts need to explicitly enable h2/h2c
now. For example with `Protocols h2 http/1.1`
* adding test cases for "Protocols" ordering
* configuration option -enable-werror now sets compiler flags to go for Apache
httpd standard code restrictions.
v0.9.6
--------------------------------------------------------------------------------
* for closed h2 connections proper state is set. Fixes resource/worker handling
issues in mpm_event
* upgrade the core-protocols patch to the latest relevant apache changes
* if not explicitly configured, H2SessionExtraFiles gets a default usable in
proecsses with 256 max file handles and depending on mpm used.
* upgraded sandbox to nghttp2 1.3.0
v0.9.5
--------------------------------------------------------------------------------
* fix for resource management when running with mpm_event
v0.9.4
--------------------------------------------------------------------------------
* mod_h2 is a copy of the module in Apache httpd trunk
* requires a patched httpd for new Protocols feature. Patch applied in sandbox,
available for own use in sandbox/httpd/patches/core_protocols_release.patch.
* See README.me about changes, especially the chapter about Migration
* Several H2* directives have disappeared, also see Migration in README.md
* This version should be close to the release candidate. Report any issues
here at github or on the apache httpd dev mailing list
v0.8.3
--------------------------------------------------------------------------------
* Fixed typo in module setup during installation that broke enabling the module
via a2enmod.
v0.8.2
--------------------------------------------------------------------------------
* In case "H2SerializeHeaders On" is configured, errorneous requests led to
500 responses. Fixed by installing post_read hooks really early now.
v0.8.1
--------------------------------------------------------------------------------
* added some defensive code for configurations at user that produced duplicate
response headers
* added httpd/trunk fix to allocate task memory pools under mplx locking
v0.8.0
--------------------------------------------------------------------------------
* when serving static files, these are kept open longer (and buffer copied
less). Use config "H2SessionExtraFiles" to change the value. The more you
can give per connection, the better. But you may run out of open file
handles, if not careful. Default value is 5, which seems to work on my
config with mpms worker, event and prefork. Basically, eaach httpd process
needs at least #connections + #workers + (#conn * #extrafiles) available.
* main connection buffering, buffer sizes and write sizes are configurable,
see README.md for the list of options. buffer sizes and write sizes influence
the TLS performance. Defaults seem reasonably, but ymmv.
* general performance improved due to better handling of stream close and
resource cleanup
* prefork mpm confirmed working. Unless configured otherwise, each session
will only have 1 worker thread. Raise this with "H2MaxWorkers"
* changed sandbox cipher config to mozilla recommendation (thanks Lucas)
* sandbox update to nghttp2 1.0.5
v0.7.3
--------------------------------------------------------------------------------
* sandbox update to nghttp2 1.0.4
* rework of stream scheduling and thread sync
* test suite runs with mpm_prefork on OS X and Ubuntu (feedback welcome)
v0.7.2
--------------------------------------------------------------------------------
* fixes crash with certain modules that (correctly) expected their
pre_connection hooks to work. Solves #28
* fixes log statements and Makefile to compile sandbox on 32bit linux
v0.7.1
--------------------------------------------------------------------------------
* h2_mplx now uses reference counting to enable a controlled destruction on
session termination. If this fixes all the crashes reported, remains to
be seen.
v0.7.0
--------------------------------------------------------------------------------
* switching to nghttp2 v1.0.*, compilation + linkage with nghttp2 v0.7.* will
not work any more as there have been changes in nghttp2's API. The sandbox
builds against v1.0.2 and also pulls curl 7.43.0 which did the same version
switch.
* keeping support for h2-16/h2-14 ALPN identifiers until a 1.0 release
* varying h2 support (on|off) among virtual hosts on the same port is now
possible and should work correctly.
* improved mod_ssl alpn patch to correctly select the proper virtual host
even if the SSL library invokes SNI after ALPN callbacks.
* Disabled NPN support in sandbox built. The patch for httpd 2.4.x is still
there, but no longer applied.
* KNOWN ISSUE: when using mpm_event, the error
"error scoreboard is full, not at MaxRequestWorkers"
sometimes happens. Under investigation. mpm_worker ist stable and recommended
for now.
v0.6.6
--------------------------------------------------------------------------------
* adding sni_misdirect.patch for httpd/mod_ssl that changes status code when
TLS connections are reused for other vhosts.
v0.6.5
--------------------------------------------------------------------------------
* httpd scoreboard fixups: scoreboard handles are still updated on the main
connection from all stream request incoming from it, since it is not trivial
to get new handles for h2 workers. Updating of scoreboard status has been
improved, no workers remain on "G"raceful shutdown in load tests any longer.
* some refacoring to isolate tls/alpn/upgrade code
* adding php-wrapper script to distribution, was missing
v0.6.4
--------------------------------------------------------------------------------
* accepting "h2" on Upgrade: headers and allowing also Upgrade to work on TLS
connections that talk HTTP/1.1.
* logging WARNING once when mod_h2 is used in a "prefork" mpm configuration.
There seem to be issues with mod_proxy/rewrite and dankging I/O.
* added test suites for combinations with mod_proxy and mod_rewrite
* added test for request with Host: header where h2 is not enabled
* sandbox now builds local openssl 1.0.2 if 1.0.1 or older are installed
on the system. Prior 1.0.1 was accepted, but NPN support will be disabled
soon.
* added "Known Problems" section in README
* direct mode should also work with TLS connections, untested currently.
v0.6.3
--------------------------------------------------------------------------------
* h2c direct mode is now enabled on http: virtual hosts. It can be disabled
by configuring "H2Direct off" for the base server. This works for clients
with prior knowledge that a http server supports h2c.
v0.6.2
--------------------------------------------------------------------------------
* added "H2Direct (on|off)" as config directive. On a non-TLS host, it enables
direct h2c communication without any Upgrade dance. Useful for testing, for
example with h2load.
* fixed concurrency issue observed on a mpm_event server when closing sessions
v0.6.1
--------------------------------------------------------------------------------
* relaxing task finished sync due to segfaults with mpm_event
* mod_reqtimeout enabled on stream processing again
* merged pr from ecovener, fix for ap_update_vhost_from_headers use
* tinkering with buffering on main connection
v0.6.0
--------------------------------------------------------------------------------
* fiddling around with task/worker assignments to use the global h2_workers
lock less, giving better parallelism
* ./configure --enable-werror enables all sorts of compiler diagnostics, if
the chosen compiler supports them
* merged pull request with compiler warning fixes by LPardue and @samhurst
(Thanks!)
* new config option "H2SerializeHeaders (On|Off)" that determines if request
response headers should be serialized/parsed when converting from HTTP/2 to
httpd's internal HTTP/1 processing or request_recs are manipulated directly.
"Off" is default, "On" gives better compatibility.
* new config options "H2HackMpmEvent (On|Off) that enables a hack to make
internal connection work with the mpm_event module. Has no effect if other
mpm modules have been configured. Defaults to "On"."
* upgrading sandbox to nghttp2 0.7.15
v0.5.6
--------------------------------------------------------------------------------
* making SSL variables available in subprocess (e.g. CGI) environments if
configured (fixes #19)
v0.5.5
--------------------------------------------------------------------------------
* improved transfer of large resources by 50% by more efficient writes
v0.5.4
--------------------------------------------------------------------------------
* moving request handling and http/1 emulation into worker thread, offloading
main
* some fixes in connection shutdown re race condition with still active workers
* removing reqtimeout filters on stream connections
* taking in latest alpn changes from httpd trunk, made separate npn patch for
those who need to run with openssl 1.0.1
* fixed handling of transient bucket in stream output data (led to corrupted
responses)
* reworked task join to eliminate race conditions during session shutdown
* info logging is less verbose
v0.5.2
--------------------------------------------------------------------------------
* rewrote the input handling
* forwarding headers in camel case to HTTP/1 request prossing
* merging duplicate headers into single line with proper separators
* eliminated h2_bucket by using apr_bucket_brigades everywhere
* added test cases and fixed chunked input processing
* sandbox now uses curl 7.42.0
* enhanced alpn patch slightly, compatible to old one, no need to repatch mod_ssl on existing installations
* adding some tests with fcgi, for sandbox testing please install php5-cgi
v0.5.1
--------------------------------------------------------------------------------
* ensuring HOST header is properly set for internal request handling
* updated sandbox to latest nghttp2 release
v0.5.0
--------------------------------------------------------------------------------
* improved resource handling and performance
* fixes lookup of correct server config when several virtual hosts are
available
v0.4.5
--------------------------------------------------------------------------------
* fixed base64 decoding to use correct dialect when upgrading to h2c
v0.4.4
--------------------------------------------------------------------------------
* adds missing file in distribution tar, fixes #11
* sandbox now uses nghttp2 0.7.11
v0.4.3
--------------------------------------------------------------------------------
* heavy work on internal data transfers, use of apache bucket brigades for
improved performance and parallelism
* mod_h2 now performs proper flow-control on input. Uploads can no longer
flood memory of the server.
* changed mod_ssl patch to reflect current trunk changes in regard to NPN/ALPN
support.
* patched the trunk ALPN patch to make it do the right thing if no
ALPNPreference is configured
* added DESTDIR support in Makefile as supplied by Hanno Böck.
v0.4.2
--------------------------------------------------------------------------------
* adding more low-level logging to NPN/ALPN negotiation
* added '-Werror' to module compiler flags (thanks @devurandom)
* debugged and tcpdumped around h2c startup handling with curl on certain
platforms. If you experience connection hangers, report pls with 'trace2'
level error log.
v0.4.1
--------------------------------------------------------------------------------
* fixing infinite loop when aborting session with tasks hanging in read
v0.4.0
--------------------------------------------------------------------------------
* h2 + h2-16 will be negiotiated/upgraded. Priority handling is implemented
in nghttp2, however assigning requests to workers has currently not the