Klaus Demo nginx / be932e8
Core: moved PROXY protocol fields out of ngx_connection_t. Now a new structure ngx_proxy_protocol_t holds these fields. This allows to add more PROXY protocol fields in the future without modifying the connection structure. Roman Arutyunyan 23 days ago
8 changed file(s) with 100 addition(s) and 50 deletion(s). Raw diff Collapse all Expand all
146146 socklen_t socklen;
147147 ngx_str_t addr_text;
148148
149 ngx_str_t proxy_protocol_addr;
150 in_port_t proxy_protocol_port;
149 ngx_proxy_protocol_t *proxy_protocol;
151150
152151 #if (NGX_SSL || NGX_COMPAT)
153152 ngx_ssl_connection_t *ssl;
2525 typedef struct ngx_connection_s ngx_connection_t;
2626 typedef struct ngx_thread_task_s ngx_thread_task_t;
2727 typedef struct ngx_ssl_s ngx_ssl_t;
28 typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
2829 typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
2930 typedef struct ngx_udp_connection_s ngx_udp_connection_t;
3031
4646 u_char *
4747 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
4848 {
49 size_t len;
50 u_char ch, *p, *addr, *port;
51 ngx_int_t n;
49 size_t len;
50 u_char ch, *p, *addr, *port;
51 ngx_int_t n;
52 ngx_proxy_protocol_t *pp;
5253
5354 static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
5455
104105 }
105106 }
106107
108 pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
109 if (pp == NULL) {
110 return NULL;
111 }
112
107113 len = p - addr - 1;
108 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len);
109
110 if (c->proxy_protocol_addr.data == NULL) {
111 return NULL;
112 }
113
114 ngx_memcpy(c->proxy_protocol_addr.data, addr, len);
115 c->proxy_protocol_addr.len = len;
114
115 pp->src_addr.data = ngx_pnalloc(c->pool, len);
116 if (pp->src_addr.data == NULL) {
117 return NULL;
118 }
119
120 ngx_memcpy(pp->src_addr.data, addr, len);
121 pp->src_addr.len = len;
116122
117123 for ( ;; ) {
118124 if (p == last) {
144150 goto invalid;
145151 }
146152
147 c->proxy_protocol_port = (in_port_t) n;
153 pp->src_port = (in_port_t) n;
148154
149155 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
150 "PROXY protocol address: %V %d", &c->proxy_protocol_addr,
151 c->proxy_protocol_port);
156 "PROXY protocol address: %V %d", &pp->src_addr,
157 pp->src_port);
158
159 c->proxy_protocol = pp;
152160
153161 skip:
154162
219227 socklen_t socklen;
220228 ngx_uint_t version, command, family, transport;
221229 ngx_sockaddr_t sockaddr;
230 ngx_proxy_protocol_t *pp;
222231 ngx_proxy_protocol_header_t *header;
223232 ngx_proxy_protocol_inet_addrs_t *in;
224233 #if (NGX_HAVE_INET6)
265274 return end;
266275 }
267276
277 pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
278 if (pp == NULL) {
279 return NULL;
280 }
281
268282 family = header->family_transport >> 4;
269283
270284 switch (family) {
281295 sockaddr.sockaddr_in.sin_port = 0;
282296 memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
283297
284 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port);
298 pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
285299
286300 socklen = sizeof(struct sockaddr_in);
287301
303317 sockaddr.sockaddr_in6.sin6_port = 0;
304318 memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
305319
306 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
320 pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
307321
308322 socklen = sizeof(struct sockaddr_in6);
309323
320334 return end;
321335 }
322336
323 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
324 if (c->proxy_protocol_addr.data == NULL) {
325 return NULL;
326 }
327
328 c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
329 c->proxy_protocol_addr.data,
330 NGX_SOCKADDR_STRLEN, 0);
337 pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
338 if (pp->src_addr.data == NULL) {
339 return NULL;
340 }
341
342 pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
343 pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0);
331344
332345 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
333 "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
334 c->proxy_protocol_port);
346 "PROXY protocol v2 address: %V %d", &pp->src_addr,
347 pp->src_port);
335348
336349 if (buf < end) {
337350 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
338351 "PROXY protocol v2 %z bytes of tlv ignored", end - buf);
339352 }
340353
354 c->proxy_protocol = pp;
355
341356 return end;
342357 }
1515 #define NGX_PROXY_PROTOCOL_MAX_HEADER 107
1616
1717
18 struct ngx_proxy_protocol_s {
19 ngx_str_t src_addr;
20 in_port_t src_port;
21 };
22
23
1824 u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
1925 u_char *last);
2026 u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,
179179
180180 case NGX_HTTP_REALIP_PROXY:
181181
182 value = &r->connection->proxy_protocol_addr;
183
184 if (value->len == 0) {
182 if (r->connection->proxy_protocol == NULL) {
185183 return NGX_DECLINED;
186184 }
187185
186 value = &r->connection->proxy_protocol->src_addr;
188187 xfwd = NULL;
189188
190189 break;
237236 != NGX_DECLINED)
238237 {
239238 if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
240 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
239 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
241240 }
242241
243242 return ngx_http_realip_set_addr(r, &addr);
12921292 ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r,
12931293 ngx_http_variable_value_t *v, uintptr_t data)
12941294 {
1295 v->len = r->connection->proxy_protocol_addr.len;
1296 v->valid = 1;
1297 v->no_cacheable = 0;
1298 v->not_found = 0;
1299 v->data = r->connection->proxy_protocol_addr.data;
1295 ngx_proxy_protocol_t *pp;
1296
1297 pp = r->connection->proxy_protocol;
1298 if (pp == NULL) {
1299 v->not_found = 1;
1300 return NGX_OK;
1301 }
1302
1303 v->len = pp->src_addr.len;
1304 v->valid = 1;
1305 v->no_cacheable = 0;
1306 v->not_found = 0;
1307 v->data = pp->src_addr.data;
13001308
13011309 return NGX_OK;
13021310 }
13061314 ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
13071315 ngx_http_variable_value_t *v, uintptr_t data)
13081316 {
1309 ngx_uint_t port;
1317 ngx_uint_t port;
1318 ngx_proxy_protocol_t *pp;
1319
1320 pp = r->connection->proxy_protocol;
1321 if (pp == NULL) {
1322 v->not_found = 1;
1323 return NGX_OK;
1324 }
13101325
13111326 v->len = 0;
13121327 v->valid = 1;
13181333 return NGX_ERROR;
13191334 }
13201335
1321 port = r->connection->proxy_protocol_port;
1336 port = pp->src_port;
13221337
13231338 if (port > 0 && port < 65536) {
13241339 v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
107107
108108 c = s->connection;
109109
110 if (c->proxy_protocol_addr.len == 0) {
110 if (c->proxy_protocol == NULL) {
111111 return NGX_DECLINED;
112112 }
113113
115115 return NGX_DECLINED;
116116 }
117117
118 if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data,
119 c->proxy_protocol_addr.len)
118 if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
119 c->proxy_protocol->src_addr.len)
120120 != NGX_OK)
121121 {
122122 return NGX_DECLINED;
123123 }
124124
125 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
125 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
126126
127127 return ngx_stream_realip_set_addr(s, &addr);
128128 }
556556 ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s,
557557 ngx_stream_variable_value_t *v, uintptr_t data)
558558 {
559 v->len = s->connection->proxy_protocol_addr.len;
560 v->valid = 1;
561 v->no_cacheable = 0;
562 v->not_found = 0;
563 v->data = s->connection->proxy_protocol_addr.data;
559 ngx_proxy_protocol_t *pp;
560
561 pp = s->connection->proxy_protocol;
562 if (pp == NULL) {
563 v->not_found = 1;
564 return NGX_OK;
565 }
566
567 v->len = pp->src_addr.len;
568 v->valid = 1;
569 v->no_cacheable = 0;
570 v->not_found = 0;
571 v->data = pp->src_addr.data;
564572
565573 return NGX_OK;
566574 }
570578 ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
571579 ngx_stream_variable_value_t *v, uintptr_t data)
572580 {
573 ngx_uint_t port;
581 ngx_uint_t port;
582 ngx_proxy_protocol_t *pp;
583
584 pp = s->connection->proxy_protocol;
585 if (pp == NULL) {
586 v->not_found = 1;
587 return NGX_OK;
588 }
574589
575590 v->len = 0;
576591 v->valid = 1;
582597 return NGX_ERROR;
583598 }
584599
585 port = s->connection->proxy_protocol_port;
600 port = pp->src_port;
586601
587602 if (port > 0 && port < 65536) {
588603 v->len = ngx_sprintf(v->data, "%ui", port) - v->data;