Commit Graph

93 Commits

Author SHA1 Message Date
antirez
a81a92ca2c Security: Cross Protocol Scripting protection.
This is an attempt at mitigating problems due to cross protocol
scripting, an attack targeting services using line oriented protocols
like Redis that can accept HTTP requests as valid protocol, by
discarding the invalid parts and accepting the payloads sent, for
example, via a POST request.

For this to be effective, when we detect POST and Host: and terminate
the connection asynchronously, the networking code was modified in order
to never process further input. It was later verified that in a
pipelined request containing a POST command, the successive commands are
not executed.
2016-08-03 11:12:32 +02:00
antirez
55385f99de Ability of slave to announce arbitrary ip/port to master.
This feature is useful, especially in deployments using Sentinel in
order to setup Redis HA, where the slave is executed with NAT or port
forwarding, so that the auto-detected port/ip addresses, as listed in
the "INFO replication" output of the master, or as provided by the
"ROLE" command, don't match the real addresses at which the slave is
reachable for connections.
2016-07-27 17:32:15 +02:00
antirez
0a628e5102 Avoid simultaneous RDB and AOF child process.
This patch, written in collaboration with Oran Agra (@oranagra) is a companion
to 780a8b1. Together the two patches should avoid that the AOF and RDB saving
processes can be spawned at the same time. Previously conditions that
could lead to two saving processes at the same time were:

1. When AOF is enabled via CONFIG SET and an RDB saving process is
   already active.

2. When the SYNC command decides to start an RDB saving process ASAP in
   order to serve a new slave that cannot partially resynchronize (but
   only if we have a disk target for replication, for diskless
   replication there is not such a problem).

Condition "1" is not very severe but "2" can happen often and is
definitely good at degrading Redis performances in an unexpected way.

The two commits have the effect of always spawning RDB savings for
replication in replicationCron() instead of attempting to start an RDB
save synchronously. Moreover when a BGSAVE or AOF rewrite must be
performed, they are instead just postponed using flags that will try to
perform such operations ASAP.

Finally the BGSAVE command was modified in order to accept a SCHEDULE
option so that if an AOF rewrite is in progress, when this option is
given, the command no longer returns an error, but instead schedules an
RDB rewrite operation for when it will be possible to start it.
2016-07-21 18:35:01 +02:00
antirez
2d5eb1f1a0 Volatile-ttl eviction policy implemented in terms of the pool.
Precision of the eviction improved sensibly. Also this allows us to have
a single code path for most eviction types.
2016-07-20 19:54:12 +02:00
antirez
6854c7b9ee LFU: make counter log factor and decay time configurable. 2016-07-20 15:00:35 +02:00
antirez
5d07984c5d LFU: Redis object level implementation.
Implementation of LFU maxmemory policy for anything related to Redis
objects. Still no actual eviction implemented.
2016-07-15 12:12:58 +02:00
antirez
e423f76e75 LRU: Make cross-database choices for eviction.
The LRU eviction code used to make local choices: for each DB visited it
selected the best key to evict. This was repeated for each DB. However
this means that there could be DBs with very frequently accessed keys
that are targeted by the LRU algorithm while there were other DBs with
many better candidates to expire.

This commit attempts to fix this problem for the LRU policy. However the
TTL policy is still not fixed by this commit. The TTL policy will be
fixed in a successive commit.

This is an initial (partial because of TTL policy) fix for issue #2647.
2016-07-13 13:12:30 +02:00
antirez
965905c9f2 Move the struct evictionPoolEntry() into only file using it.
Local scope is always better when possible.
2016-07-12 12:22:38 +02:00
antirez
d8e92a8207 Move prototype of evictionPoolAlloc() in server.h. 2016-07-12 12:22:35 +02:00
antirez
b46239e58b Expire and LRU related code moved into different files. 2016-07-06 15:24:06 +02:00
antirez
b99ad1bd80 Make tcp-keepalive default to 300 in internal conf.
We already changed the default in the redis.conf template, but I forgot
to change the internal config as well.
2016-07-04 12:08:42 +02:00
antirez
e9f31ba9c2 In Redis RDB check: better error reporting. 2016-07-01 09:36:52 +02:00
Salvatore Sanfilippo
28ea585fce Merge pull request #3336 from yossigo/create_string_from_string
Add RedisModule_CreateStringFromString().
2016-06-23 16:16:28 +02:00
Yossi Gottlieb
61172ed01e Add RedisModule_CreateStringFromString(). 2016-06-22 21:02:40 +03:00
Yossi Gottlieb
8f3a4df775 Use const in Redis Module API where possible. 2016-06-20 23:08:06 +03:00
antirez
41d804d9dc TTL and TYPE LRU access fixed. TOUCH implemented. 2016-06-14 15:33:59 +02:00
antirez
a4bce77e92 Don't assume no padding or specific ordering in moduleLoadQueueEntry structure.
We need to be free to shuffle fields or add more fields in a structure
without breaking code.

Related to issue #3293.
2016-06-13 09:51:06 +02:00
antirez
1ad5c22763 Minor changes to unifor C style to Redis code base for PR #3293. 2016-06-13 09:39:44 +02:00
Yossi Gottlieb
cc58f11ccc Use RedisModuleString for OnLoad argv. 2016-06-05 13:18:24 +03:00
Yossi Gottlieb
2bd13cf0eb Allow passing arguments to modules on load. 2016-06-05 11:37:24 +03:00
antirez
8ec28002be Modules: support for modules native data types. 2016-06-03 18:14:04 +02:00
antirez
4aae4f7d35 RDB v8: ability to save uint64_t lengths. 2016-06-01 11:35:47 +02:00
Salvatore Sanfilippo
bafed3ddd6 Merge pull request #3222 from oranagra/more_minir_fixes
minor fixes - mainly signalModifiedKey, and GEORADIUS
2016-05-18 07:50:53 -07:00
antirez
ffd1600ccf Clarify that the LOG_STR_SIZE includes null term. 2016-05-18 15:23:35 +02:00
antirez
227d68094b Modules: command <-> core interface modified to get flags & keys. 2016-05-10 06:40:09 +02:00
antirez
10993ca0d5 Modules: Hash type API WIP #1. 2016-05-10 06:40:09 +02:00
antirez
db3ade22eb Modules: zset lex iterator #2. 2016-05-10 06:40:09 +02:00
antirez
2b04f86ae5 Modules: zset lex iterator #1. 2016-05-10 06:40:08 +02:00
antirez
083f5277c5 Modules: zset iterator redesign #1. 2016-05-10 06:40:08 +02:00
antirez
f362f7a18a Modules: sorted set iterators WIP #3. 2016-05-10 06:40:08 +02:00
antirez
6eeeda39e9 Modules: sorted set iterators WIP #2. 2016-05-10 06:40:08 +02:00
antirez
eac5a13cb7 Modules: sorted set iterators WIP. 2016-05-10 06:40:08 +02:00
antirez
6dead2cff5 Modules: first preview 31 March 2016. 2016-05-10 06:40:05 +02:00
oranagra
9682b616a2 minor fixes - mainly signalModifiedKey, and GEORADIUS 2016-05-09 12:05:33 +03:00
Salvatore Sanfilippo
91b4966783 Merge pull request #3188 from therealbill/unstable
maxmemory_policy fix for #3187
2016-05-05 09:02:25 +02:00
Oran Agra
5e3880a492 various cleanups and minor fixes 2016-04-25 16:49:57 +03:00
therealbill
14086a46ca fix for #3187
I've renamed maxmemoryToString to evictPolicyToString since that is
more accurate (and easier to mentally connect with the correct data), as
well as updated the function to user server.maxmemory_policy rather than
server.maxmemory. Now with a default config it is actually returning
the correct policy rather than volatile-lru.
2016-04-22 10:43:48 -05:00
antirez
dda0f37f11 ZREM refactored into proper API. 2016-04-15 15:20:57 +02:00
antirez
6f926c3e83 ZRANK refactored into proper API. 2016-04-15 12:47:03 +02:00
antirez
b73c7af0f4 zsetAdd() API exposed into server.h. 2016-04-14 16:00:08 +02:00
antirez
70af626d61 BITFIELD command initial implementation.
The new bitfield command is an extension to the Redis bit operations,
where not just single bit operations are performed, but the array of
bits composing a string, can be addressed at random, not aligned
offsets, with any width unsigned and signed integers like u8, s5, u10
(up to 64 bit signed integers and 63 bit unsigned integers).

The BITFIELD command supports subcommands that can SET, GET, or INCRBY
those arbitrary bit counters, with multiple overflow semantics.

Trivial and credits:

A similar command was imagined a few times in the past, but for
some reason looked a bit far fetched or not well specified.
Finally the command was proposed again in a clear form by
Yoav Steinberg from Redis Labs, that proposed a set of commands on
arbitrary sized integers stored at bit offsets.

Starting from this proposal I wrote an initial specification of a single
command with sub-commands similar to what Yoav envisioned, using short
names for types definitions, and adding control on the overflow.

This commit is the resulting implementation.

Examples:

    BITFIELD mykey OVERFLOW wrap INCRBY i2 10 -1 GET i2 10
2016-02-26 15:00:19 +01:00
antirez
cf42c48adc addReplyHumanLongDouble() API added.
Send a long double or double as a bulk reply, in a human friendly
format.
2016-02-18 22:08:50 +01:00
antirez
bb75ecddfd New options for GEORADIUS: STORE and STOREDIST.
Related to issue #3019.
2016-02-18 10:24:16 +01:00
antirez
e27b9b1cec Merge branch 'cluster-docker' into unstable 2016-02-01 18:01:22 +01:00
antirez
cdbe8a6ae1 Typo ASII -> ASCII fixed in comment. 2016-01-29 12:08:10 +01:00
antirez
11436b1449 Cluster announce ip / port initial implementation. 2016-01-29 09:06:37 +01:00
antirez
b0939303e6 Cluster announce ip / port configuration handling. 2016-01-29 09:06:37 +01:00
antirez
edd4d555df New security feature: Redis protected mode.
An exposed Redis instance on the internet can be cause of serious
issues. Since Redis, by default, binds to all the interfaces, it is easy
to forget an instance without any protection layer, for error.

Protected mode try to address this feature in a soft way, providing a
layer of protection, but giving clues to Redis users about why the
server is not accepting connections.

When protected mode is enabeld (the default), and if there are no
minumum hints about the fact the server is properly configured (no
"bind" directive is used in order to restrict the server to certain
interfaces, nor a password is set), clients connecting from external
intefaces are refused with an error explaining what to do in order to
fix the issue.

Clients connecting from the IPv4 and IPv6 lookback interfaces are still
accepted normally, similarly Unix domain socket connections are not
restricted in any way.
2016-01-07 13:00:14 +01:00
antirez
a1c9c05e17 Hopefully better memory test on crash.
The old test, designed to do a transformation on the bits that was
invertible, in order to avoid touching the original memory content, was
not effective as it was redis-server --test-memory. The former often
reported OK while the latter was able to spot the error.

So the test was substituted with one that may perform better, however
the new one must backup the memory tested, so it tests memory in small
pieces. This limits the effectiveness because of the CPU caches. However
some attempt is made in order to trash the CPU cache between the fill
and the check stages, but not for the addressing test unfortunately.

We'll see if this test will be able to find errors where the old failed.
2015-12-16 17:41:22 +01:00
antirez
ac8f4a6af9 memtest.c now can be called as API in non interactive mode. 2015-12-16 12:31:42 +01:00