Mercurial > hg > nginx
annotate src/stream/ngx_stream_realip_module.c @ 6868:ee3645078759
Stream: avoid infinite loop in case of socket read error.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 11 Jan 2017 12:01:56 +0300 |
parents | 3908156a51fa |
children | df1a62c83b1b |
rev | line source |
---|---|
573 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
573 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
10 #include <ngx_stream.h> |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
11 |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
12 |
573 | 13 typedef struct { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
14 ngx_array_t *from; /* array of ngx_cidr_t */ |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
15 } ngx_stream_realip_srv_conf_t; |
573 | 16 |
17 | |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
18 typedef struct { |
3274 | 19 struct sockaddr *sockaddr; |
20 socklen_t socklen; | |
21 ngx_str_t addr_text; | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
22 } ngx_stream_realip_ctx_t; |
573 | 23 |
24 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
25 static ngx_int_t ngx_stream_realip_handler(ngx_stream_session_t *s); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
26 static ngx_int_t ngx_stream_realip_set_addr(ngx_stream_session_t *s, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
27 ngx_addr_t *addr); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
28 static char *ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
29 void *conf); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
30 static void *ngx_stream_realip_create_srv_conf(ngx_conf_t *cf); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
31 static char *ngx_stream_realip_merge_srv_conf(ngx_conf_t *cf, void *parent, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
32 void *child); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
33 static ngx_int_t ngx_stream_realip_add_variables(ngx_conf_t *cf); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
34 static ngx_int_t ngx_stream_realip_init(ngx_conf_t *cf); |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
35 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
36 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
37 static ngx_int_t ngx_stream_realip_remote_addr_variable(ngx_stream_session_t *s, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
38 ngx_stream_variable_value_t *v, uintptr_t data); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
39 static ngx_int_t ngx_stream_realip_remote_port_variable(ngx_stream_session_t *s, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
40 ngx_stream_variable_value_t *v, uintptr_t data); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
41 |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
42 |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
43 static ngx_command_t ngx_stream_realip_commands[] = { |
573 | 44 |
45 { ngx_string("set_real_ip_from"), | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
46 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
47 ngx_stream_realip_from, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
48 NGX_STREAM_SRV_CONF_OFFSET, |
573 | 49 0, |
50 NULL }, | |
51 | |
52 ngx_null_command | |
53 }; | |
54 | |
55 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
56 static ngx_stream_module_t ngx_stream_realip_module_ctx = { |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
57 ngx_stream_realip_add_variables, /* preconfiguration */ |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
58 ngx_stream_realip_init, /* postconfiguration */ |
573 | 59 |
60 NULL, /* create main configuration */ | |
61 NULL, /* init main configuration */ | |
62 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
63 ngx_stream_realip_create_srv_conf, /* create server configuration */ |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
64 ngx_stream_realip_merge_srv_conf /* merge server configuration */ |
573 | 65 }; |
66 | |
67 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
68 ngx_module_t ngx_stream_realip_module = { |
573 | 69 NGX_MODULE_V1, |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
70 &ngx_stream_realip_module_ctx, /* module context */ |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
71 ngx_stream_realip_commands, /* module directives */ |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
72 NGX_STREAM_MODULE, /* module type */ |
573 | 73 NULL, /* init master */ |
681 | 74 NULL, /* init module */ |
573 | 75 NULL, /* init process */ |
76 NULL, /* init thread */ | |
77 NULL, /* exit thread */ | |
78 NULL, /* exit process */ | |
79 NULL, /* exit master */ | |
80 NGX_MODULE_V1_PADDING | |
81 }; | |
82 | |
83 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
84 static ngx_stream_variable_t ngx_stream_realip_vars[] = { |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
85 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
86 { ngx_string("realip_remote_addr"), NULL, |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
87 ngx_stream_realip_remote_addr_variable, 0, 0, 0 }, |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
88 |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
89 { ngx_string("realip_remote_port"), NULL, |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
90 ngx_stream_realip_remote_port_variable, 0, 0, 0 }, |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
91 |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
92 { ngx_null_string, NULL, NULL, 0, 0, 0 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
93 }; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
94 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
95 |
573 | 96 static ngx_int_t |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
97 ngx_stream_realip_handler(ngx_stream_session_t *s) |
573 | 98 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
99 ngx_addr_t addr; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
100 ngx_connection_t *c; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
101 ngx_stream_realip_srv_conf_t *rscf; |
573 | 102 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
103 rscf = ngx_stream_get_module_srv_conf(s, ngx_stream_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
104 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
105 if (rscf->from == NULL) { |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
106 return NGX_DECLINED; |
573 | 107 } |
108 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
109 c = s->connection; |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
5263
diff
changeset
|
110 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
111 if (c->proxy_protocol_addr.len == 0) { |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
112 return NGX_DECLINED; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
113 } |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
114 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
115 if (ngx_cidr_match(c->sockaddr, rscf->from) != NGX_OK) { |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
116 return NGX_DECLINED; |
573 | 117 } |
118 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
119 if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
120 c->proxy_protocol_addr.len) |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
121 != NGX_OK) |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
122 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
123 return NGX_DECLINED; |
3274 | 124 } |
125 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
126 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
127 |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
128 return ngx_stream_realip_set_addr(s, &addr); |
3274 | 129 } |
130 | |
573 | 131 |
3274 | 132 static ngx_int_t |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
133 ngx_stream_realip_set_addr(ngx_stream_session_t *s, ngx_addr_t *addr) |
3274 | 134 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
135 size_t len; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
136 u_char *p; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
137 u_char text[NGX_SOCKADDR_STRLEN]; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
138 ngx_connection_t *c; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
139 ngx_stream_realip_ctx_t *ctx; |
573 | 140 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
141 c = s->connection; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
142 |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
143 ctx = ngx_palloc(c->pool, sizeof(ngx_stream_realip_ctx_t)); |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
144 if (ctx == NULL) { |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
145 return NGX_ERROR; |
3274 | 146 } |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
147 |
5263
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
148 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text, |
05ba5bce31e0
Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents:
5084
diff
changeset
|
149 NGX_SOCKADDR_STRLEN, 0); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
150 if (len == 0) { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
151 return NGX_ERROR; |
3274 | 152 } |
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
153 |
3274 | 154 p = ngx_pnalloc(c->pool, len); |
155 if (p == NULL) { | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
156 return NGX_ERROR; |
3274 | 157 } |
1118
cec2866f29bd
a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents:
1114
diff
changeset
|
158 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
159 ngx_memcpy(p, text, len); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
160 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
161 ngx_stream_set_ctx(s, ctx, ngx_stream_realip_module); |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
162 |
3274 | 163 ctx->sockaddr = c->sockaddr; |
164 ctx->socklen = c->socklen; | |
165 ctx->addr_text = c->addr_text; | |
573 | 166 |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
167 c->sockaddr = addr->sockaddr; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
168 c->socklen = addr->socklen; |
3274 | 169 c->addr_text.len = len; |
170 c->addr_text.data = p; | |
573 | 171 |
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
172 return NGX_DECLINED; |
573 | 173 } |
174 | |
175 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
176 static char * |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
177 ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
178 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
179 ngx_stream_realip_srv_conf_t *rscf = conf; |
573 | 180 |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
181 ngx_int_t rc; |
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
182 ngx_str_t *value; |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
183 ngx_cidr_t *cidr; |
573 | 184 |
3274 | 185 value = cf->args->elts; |
186 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
187 if (rscf->from == NULL) { |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
188 rscf->from = ngx_array_create(cf->pool, 2, |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
189 sizeof(ngx_cidr_t)); |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
190 if (rscf->from == NULL) { |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
191 return NGX_CONF_ERROR; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
192 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
193 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
194 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
195 cidr = ngx_array_push(rscf->from); |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
196 if (cidr == NULL) { |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
197 return NGX_CONF_ERROR; |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
198 } |
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
199 |
3274 | 200 #if (NGX_HAVE_UNIX_DOMAIN) |
201 | |
202 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
6474 | 203 cidr->family = AF_UNIX; |
204 return NGX_CONF_OK; | |
3274 | 205 } |
206 | |
207 #endif | |
208 | |
4624
df93068953c0
realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents:
4562
diff
changeset
|
209 rc = ngx_ptocidr(&value[1], cidr); |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
210 |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
211 if (rc == NGX_ERROR) { |
573 | 212 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", |
213 &value[1]); | |
214 return NGX_CONF_ERROR; | |
215 } | |
216 | |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
217 if (rc == NGX_DONE) { |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
218 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
219 "low address bits of %V are meaningless", &value[1]); |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
220 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
221 |
573 | 222 return NGX_CONF_OK; |
223 } | |
224 | |
225 | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
226 static void * |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
227 ngx_stream_realip_create_srv_conf(ngx_conf_t *cf) |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
228 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
229 ngx_stream_realip_srv_conf_t *conf; |
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
230 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
231 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_realip_srv_conf_t)); |
573 | 232 if (conf == NULL) { |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
233 return NULL; |
573 | 234 } |
235 | |
236 /* | |
237 * set by ngx_pcalloc(): | |
238 * | |
239 * conf->from = NULL; | |
240 */ | |
241 | |
242 return conf; | |
243 } | |
244 | |
245 | |
246 static char * | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
247 ngx_stream_realip_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) |
573 | 248 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
249 ngx_stream_realip_srv_conf_t *prev = parent; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
250 ngx_stream_realip_srv_conf_t *conf = child; |
573 | 251 |
252 if (conf->from == NULL) { | |
253 conf->from = prev->from; | |
3305
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
254 } |
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
255 |
573 | 256 return NGX_CONF_OK; |
257 } | |
258 | |
259 | |
260 static ngx_int_t | |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
261 ngx_stream_realip_add_variables(ngx_conf_t *cf) |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
262 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
263 ngx_stream_variable_t *var, *v; |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
264 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
265 for (v = ngx_stream_realip_vars; v->name.len; v++) { |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
266 var = ngx_stream_add_variable(cf, &v->name, v->flags); |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
267 if (var == NULL) { |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
268 return NGX_ERROR; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
269 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
270 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
271 var->get_handler = v->get_handler; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
272 var->data = v->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
273 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
274 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
275 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
276 } |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
277 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
278 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
279 static ngx_int_t |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
280 ngx_stream_realip_init(ngx_conf_t *cf) |
573 | 281 { |
6693 | 282 ngx_stream_handler_pt *h; |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
283 ngx_stream_core_main_conf_t *cmcf; |
573 | 284 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
285 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module); |
573 | 286 |
6693 | 287 h = ngx_array_push(&cmcf->phases[NGX_STREAM_POST_ACCEPT_PHASE].handlers); |
288 if (h == NULL) { | |
289 return NGX_ERROR; | |
290 } | |
291 | |
292 *h = ngx_stream_realip_handler; | |
573 | 293 |
294 return NGX_OK; | |
295 } | |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
296 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
297 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
298 static ngx_int_t |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
299 ngx_stream_realip_remote_addr_variable(ngx_stream_session_t *s, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
300 ngx_stream_variable_value_t *v, uintptr_t data) |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
301 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
302 ngx_str_t *addr_text; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
303 ngx_stream_realip_ctx_t *ctx; |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
304 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
305 ctx = ngx_stream_get_module_ctx(s, ngx_stream_realip_module); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
306 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
307 addr_text = ctx ? &ctx->addr_text : &s->connection->addr_text; |
6294
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
308 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
309 v->len = addr_text->len; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
310 v->valid = 1; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
311 v->no_cacheable = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
312 v->not_found = 0; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
313 v->data = addr_text->data; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
314 |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
315 return NGX_OK; |
cebe43bace93
Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents:
5605
diff
changeset
|
316 } |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
317 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
318 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
319 static ngx_int_t |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
320 ngx_stream_realip_remote_port_variable(ngx_stream_session_t *s, |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
321 ngx_stream_variable_value_t *v, uintptr_t data) |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
322 { |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
323 ngx_uint_t port; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
324 struct sockaddr *sa; |
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
325 ngx_stream_realip_ctx_t *ctx; |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
326 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
327 ctx = ngx_stream_get_module_ctx(s, ngx_stream_realip_module); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
328 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
329 sa = ctx ? ctx->sockaddr : s->connection->sockaddr; |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
330 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
331 v->len = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
332 v->valid = 1; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
333 v->no_cacheable = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
334 v->not_found = 0; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
335 |
6684
9cac11efb205
Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6671
diff
changeset
|
336 v->data = ngx_pnalloc(s->connection->pool, sizeof("65535") - 1); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
337 if (v->data == NULL) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
338 return NGX_ERROR; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
339 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
340 |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6565
diff
changeset
|
341 port = ngx_inet_get_port(sa); |
6562
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
342 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
343 if (port > 0 && port < 65536) { |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
344 v->len = ngx_sprintf(v->data, "%ui", port) - v->data; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
345 } |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
346 |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
347 return NGX_OK; |
b13d3a6f0512
Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6474
diff
changeset
|
348 } |