488 Commits

Author SHA1 Message Date
oranagra
92038286e8 fix tcp binding when IPv6 is unsupported 2016-09-09 14:59:21 +02:00
antirez
feda52381d RDB AOF preamble: WIP 2. 2016-08-09 16:41:40 +02:00
antirez
a81a92ca2c Security: Cross Protocol Scripting protection.
This is an attempt at mitigating problems due to cross protocol
scripting, an attack targeting services using line oriented protocols
like Redis that can accept HTTP requests as valid protocol, by
discarding the invalid parts and accepting the payloads sent, for
example, via a POST request.

For this to be effective, when we detect POST and Host: and terminate
the connection asynchronously, the networking code was modified in order
to never process further input. It was later verified that in a
pipelined request containing a POST command, the successive commands are
not executed.
2016-08-03 11:12:32 +02:00
antirez
ede6e22cd3 Fix comment over 80 cols. 2016-08-03 10:56:26 +02:00
antirez
55385f99de Ability of slave to announce arbitrary ip/port to master.
This feature is useful, especially in deployments using Sentinel in
order to setup Redis HA, where the slave is executed with NAT or port
forwarding, so that the auto-detected port/ip addresses, as listed in
the "INFO replication" output of the master, or as provided by the
"ROLE" command, don't match the real addresses at which the slave is
reachable for connections.
2016-07-27 17:32:15 +02:00
antirez
0a628e5102 Avoid simultaneous RDB and AOF child process.
This patch, written in collaboration with Oran Agra (@oranagra) is a companion
to 780a8b1. Together the two patches should avoid that the AOF and RDB saving
processes can be spawned at the same time. Previously conditions that
could lead to two saving processes at the same time were:

1. When AOF is enabled via CONFIG SET and an RDB saving process is
   already active.

2. When the SYNC command decides to start an RDB saving process ASAP in
   order to serve a new slave that cannot partially resynchronize (but
   only if we have a disk target for replication, for diskless
   replication there is not such a problem).

Condition "1" is not very severe but "2" can happen often and is
definitely good at degrading Redis performances in an unexpected way.

The two commits have the effect of always spawning RDB savings for
replication in replicationCron() instead of attempting to start an RDB
save synchronously. Moreover when a BGSAVE or AOF rewrite must be
performed, they are instead just postponed using flags that will try to
perform such operations ASAP.

Finally the BGSAVE command was modified in order to accept a SCHEDULE
option so that if an AOF rewrite is in progress, when this option is
given, the command no longer returns an error, but instead schedules an
RDB rewrite operation for when it will be possible to start it.
2016-07-21 18:35:01 +02:00
antirez
6854c7b9ee LFU: make counter log factor and decay time configurable. 2016-07-20 15:00:35 +02:00
antirez
e423f76e75 LRU: Make cross-database choices for eviction.
The LRU eviction code used to make local choices: for each DB visited it
selected the best key to evict. This was repeated for each DB. However
this means that there could be DBs with very frequently accessed keys
that are targeted by the LRU algorithm while there were other DBs with
many better candidates to expire.

This commit attempts to fix this problem for the LRU policy. However the
TTL policy is still not fixed by this commit. The TTL policy will be
fixed in a successive commit.

This is an initial (partial because of TTL policy) fix for issue #2647.
2016-07-13 13:12:30 +02:00
antirez
d8e92a8207 Move prototype of evictionPoolAlloc() in server.h. 2016-07-12 12:22:35 +02:00
antirez
b46239e58b Expire and LRU related code moved into different files. 2016-07-06 15:24:06 +02:00
antirez
e9f31ba9c2 In Redis RDB check: better error reporting. 2016-07-01 09:36:52 +02:00
antirez
e97fadb045 In Redis RDB check: initial POC.
So far we used an external program (later executed within Redis) and
parser in order to check RDB files for correctness. This forces, at each
RDB format update, to have two copies of the same format implementation
that are hard to keep in sync. Morover the former RDB checker only
checked the very high-level format of the file, without actually trying
to load things in memory. Certain corruptions can only be handled by
really loading key-value pairs.

This first commit attempts to unify the Redis RDB loadig code with the
task of checking the RDB file for correctness. More work is needed but
it looks like a sounding direction so far.
2016-06-30 23:44:44 +02:00
Yusaku Kaneta
b6c4822f7c Fix the firstkey, lastkey, and keystep of moduleCommand 2016-06-29 18:09:16 +09:00
Misha Nasledov
7a5538d3a9 Fix incorrect comment for checkForSentinelMode function 2016-06-16 16:50:53 -07:00
antirez
41d804d9dc TTL and TYPE LRU access fixed. TOUCH implemented. 2016-06-14 15:33:59 +02:00
antirez
5beec9743e Merge branch 'unstable' of github.com:/antirez/redis into unstable 2016-06-10 10:12:11 +02:00
antirez
b664aebda1 Improve timer callback creation comment. 2016-06-08 16:07:32 +02:00
Pierre Chapuis
d88c3c77be make RPUSHX and LPUSHX variadic 2016-06-05 16:50:24 +02:00
Itamar Haber
2866e023f8 Allow SPOP from Lua scripts
The existing `R` flag appears to be sufficient and there's no apparent reason why the command should be blocked.
2016-05-28 20:01:46 +03:00
Salvatore Sanfilippo
bafed3ddd6 Merge pull request #3222 from oranagra/more_minir_fixes
minor fixes - mainly signalModifiedKey, and GEORADIUS
2016-05-18 07:50:53 -07:00
antirez
227d68094b Modules: command <-> core interface modified to get flags & keys. 2016-05-10 06:40:09 +02:00
antirez
6dead2cff5 Modules: first preview 31 March 2016. 2016-05-10 06:40:05 +02:00
oranagra
9682b616a2 minor fixes - mainly signalModifiedKey, and GEORADIUS 2016-05-09 12:05:33 +03:00
antirez
68dd1c9155 Revert "Fix commandCommand arity"
This reverts commit 1189a4eae6d009fc0da8d50fd542ba1391542165.

Actually this is wrong, the command can be called without args at all.
2016-05-05 17:36:05 +02:00
Ruben Bridgewater
efa0840707 Fix commandCommand arity 2016-05-05 17:20:14 +02:00
antirez
971e3c51b6 Cluster: make getNodeByQuery() responsible of -CLUSTERDOWN errors.
This fixes a bug introduced by d827dbf, and makes the code consistent
with the logic of always allowing, while the cluster is down, commands
that don't target any key.

As a side effect the code is also simpler now.
2016-05-05 11:33:43 +02:00
antirez
c77b95fd01 Bind both IPv4 and IPv6 or exit with an error by default.
Thanks to @tushar2708 for the PR. I applied a slightly different fix.
Thanks to @cespare for reporting.

Close #3024
Close #3020
2016-05-05 10:02:42 +02:00
Chris Thunes
d827dbfda7 Ensure slots are rechecked on EXEC.
Fixes #2515.
2016-05-05 09:35:20 +02:00
Salvatore Sanfilippo
91b4966783 Merge pull request #3188 from therealbill/unstable
maxmemory_policy fix for #3187
2016-05-05 09:02:25 +02:00
antirez
995b9ffe07 Allow CONFIG GET during loading.
Thanks to @oranagra for the idea of allowing CONFIG GET during loading.
2016-05-04 15:45:45 +02:00
antirez
5500c51083 Command "r" flag removed from commands not accessing the key space.
Thanks to @oranagra for the hint about misplaced 'r' flags.
2016-05-04 15:42:33 +02:00
antirez
840ac20855 DEBUG command self documentation. 2016-05-04 12:45:55 +02:00
therealbill
14086a46ca fix for #3187
I've renamed maxmemoryToString to evictPolicyToString since that is
more accurate (and easier to mentally connect with the correct data), as
well as updated the function to user server.maxmemory_policy rather than
server.maxmemory. Now with a default config it is actually returning
the correct policy rather than volatile-lru.
2016-04-22 10:43:48 -05:00
antirez
e85d6f22cf Fix INFO commandstats reporting when argv is rewritten.
We want to report the original command in the stats, for example GEOADD,
even when what is actually executed is the ZADD implementation.
2016-03-02 08:56:50 +01:00
antirez
70af626d61 BITFIELD command initial implementation.
The new bitfield command is an extension to the Redis bit operations,
where not just single bit operations are performed, but the array of
bits composing a string, can be addressed at random, not aligned
offsets, with any width unsigned and signed integers like u8, s5, u10
(up to 64 bit signed integers and 63 bit unsigned integers).

The BITFIELD command supports subcommands that can SET, GET, or INCRBY
those arbitrary bit counters, with multiple overflow semantics.

Trivial and credits:

A similar command was imagined a few times in the past, but for
some reason looked a bit far fetched or not well specified.
Finally the command was proposed again in a clear form by
Yoav Steinberg from Redis Labs, that proposed a set of commands on
arbitrary sized integers stored at bit offsets.

Starting from this proposal I wrote an initial specification of a single
command with sub-commands similar to what Yoav envisioned, using short
names for types definitions, and adding control on the overflow.

This commit is the resulting implementation.

Examples:

    BITFIELD mykey OVERFLOW wrap INCRBY i2 10 -1 GET i2 10
2016-02-26 15:00:19 +01:00
antirez
bb75ecddfd New options for GEORADIUS: STORE and STOREDIST.
Related to issue #3019.
2016-02-18 10:24:16 +01:00
Itamar Haber
31a70a8bcf Fixes a typo 2016-02-03 11:04:09 -08:00
antirez
11436b1449 Cluster announce ip / port initial implementation. 2016-01-29 09:06:37 +01:00
antirez
b0939303e6 Cluster announce ip / port configuration handling. 2016-01-29 09:06:37 +01:00
antirez
5bc7e019e1 Use a smoother running average for avg_ttl in INFO.
Reported here:
https://www.reddit.com/r/redis/comments/42r0i0/avg_ttl_varies_a_lot/
2016-01-26 15:29:30 +01:00
antirez
edd4d555df New security feature: Redis protected mode.
An exposed Redis instance on the internet can be cause of serious
issues. Since Redis, by default, binds to all the interfaces, it is easy
to forget an instance without any protection layer, for error.

Protected mode try to address this feature in a soft way, providing a
layer of protection, but giving clues to Redis users about why the
server is not accepting connections.

When protected mode is enabeld (the default), and if there are no
minumum hints about the fact the server is properly configured (no
"bind" directive is used in order to restrict the server to certain
interfaces, nor a password is set), clients connecting from external
intefaces are refused with an error explaining what to do in order to
fix the issue.

Clients connecting from the IPv4 and IPv6 lookback interfaces are still
accepted normally, similarly Unix domain socket connections are not
restricted in any way.
2016-01-07 13:00:14 +01:00
antirez
bb21537596 Fix a race that may lead to the active (slave) client to be freed.
In issue #2948 a crash was reported in processCommand(). Later Oran Agra
(@oranagra) traced the bug (in private chat) in the following sequence
of events:

1. Some maxmemory is set.
2. The slave is the currently active client and is executing PING or
   REPLCONF or whatever a slave can send to its master.
3. freeMemoryIfNeeded() is called since maxmemory is set.
4. flushSlavesOutputBuffers() is called by freeMemoryIfNeeded().
5. During slaves buffers flush, a write error could be encoutered in
   writeToClient() or sendReplyToClient() depending on the version of
   Redis. This will trigger freeClient() against the currently active
   client, so a segmentation fault will likely happen in
   processCommand() immediately after the call to freeMemoryIfNeeded().

There are different possible fixes:

1. Add flags to writeToClient() (recent versions code base) so that
   we can ignore the write errors, and use this flag in
   flushSlavesOutputBuffers(). However this is not simple to do in older
   versions of Redis.
2. Use freeClientAsync() during write errors. This works but changes the
   current behavior of releasing clients ASAP when possible. Normally
   we write to clients during the normal event loop processing, in the
   writable client, where there is no active client, so no care must be
   taken.
3. The fix of this commit: to detect that the current client is no
   longer valid. This fix is a bit "ad-hoc", but works across all the
   versions and has the advantage of not changing the remaining
   behavior. Only alters what happens during this race condition,
   hopefully.
2015-12-17 09:39:43 +01:00
antirez
218e522c82 Fix processCommand() comment about return value. 2015-12-17 09:22:16 +01:00
antirez
4e252e4c09 MIGRATE: Fix key extraction for new form. 2015-12-11 18:09:01 +01:00
antirez
da82723858 Handle wait3() errors.
My guess was that wait3() with WNOHANG could never return -1 and an
error. However issue #2897 may possibly indicate that this could happen
under non clear conditions. While we try to understand this better,
better to handle a return value of -1 explicitly, otherwise in the
case a BGREWRITE is in progress but wait3() returns -1, the effect is to
match the first branch of the if/else block since server.rdb_child_pid
is -1, and call backgroundSaveDoneHandler() without a good reason, that
will, in turn, crash the Redis server with an assertion.
2015-11-27 16:11:05 +01:00
antirez
333547dab6 Lua debugger: call wait3() if there are pending forked debugging sessions. 2015-11-17 15:43:23 +01:00
antirez
7be9170585 Lua debugger: handle forked sessions children during shutdown. 2015-11-17 15:43:22 +01:00
antirez
c494db89b5 Lua debugger: foundations implemented. 2015-11-17 15:43:20 +01:00
antirez
7cfdccd94e Remove "s" flag for MIGRATE in command table.
Maybe there are legitimate use cases for MIGRATE inside Lua scripts, at
least for now. When the command will be executed in an asynchronous
fashion (planned) it is possible we'll no longer be able to permit it
from within Lua scripts.
2015-11-17 15:43:13 +01:00
antirez
0cb66fa156 Fix MIGRATE entry in command table.
Thanks to Oran Agra (@oranagra) for reporting. Key extraction would not
work otherwise and it does not make sense to take wrong data in the
command table.
2015-11-17 15:33:09 +01:00