From 06176bce918ea25bce8e4cc3adcc0e692bf1eac6 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Mon, 23 May 2016 18:44:23 +0300 Subject: [PATCH] Realip: port support in X-Real-IP and X-Forwarded-For. Now, the module extracts optional port which may accompany an IP address. This custom extension is introduced, among other things, in order to facilitate logging of original client ports. Addresses with ports are expected to be in the RFC 3986 format, that is, with IPv6 addresses in square brackets. E.g., "X-Real-IP: [2001:0db8::1]:12345" sets client port ($remote_port) to 12345. --- src/core/ngx_inet.c | 79 +++++++++++++++++++++++++++++++++ src/core/ngx_inet.h | 2 + src/http/ngx_http_core_module.c | 4 +- 3 files changed, 84 insertions(+), 1 deletion(-) diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c index 12bf9f81a..b5c57b7a4 100644 --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -525,6 +525,85 @@ ngx_parse_addr(ngx_pool_t *pool, ngx_addr_t *addr, u_char *text, size_t len) } +ngx_int_t +ngx_parse_addr_port(ngx_pool_t *pool, ngx_addr_t *addr, u_char *text, + size_t len) +{ + u_char *p, *last; + size_t plen; + ngx_int_t rc, port; + struct sockaddr_in *sin; +#if (NGX_HAVE_INET6) + struct sockaddr_in6 *sin6; +#endif + + rc = ngx_parse_addr(pool, addr, text, len); + + if (rc != NGX_DECLINED) { + return rc; + } + + last = text + len; + +#if (NGX_HAVE_INET6) + if (len && text[0] == '[') { + + p = ngx_strlchr(text, last, ']'); + + if (p == NULL || p == last - 1 || *++p != ':') { + return NGX_DECLINED; + } + + text++; + len -= 2; + + } else +#endif + + { + p = ngx_strlchr(text, last, ':'); + + if (p == NULL) { + return NGX_DECLINED; + } + } + + p++; + plen = last - p; + + port = ngx_atoi(p, plen); + + if (port < 1 || port > 65535) { + return NGX_DECLINED; + } + + len -= plen + 1; + + rc = ngx_parse_addr(pool, addr, text, len); + + if (rc != NGX_OK) { + return rc; + } + + switch (addr->sockaddr->sa_family) { + +#if (NGX_HAVE_INET6) + case AF_INET6: + sin6 = (struct sockaddr_in6 *) addr->sockaddr; + sin6->sin6_port = htons(port); + break; +#endif + + default: /* AF_INET */ + sin = (struct sockaddr_in *) addr->sockaddr; + sin->sin_port = htons(port); + break; + } + + return NGX_OK; +} + + ngx_int_t ngx_parse_url(ngx_pool_t *pool, ngx_url_t *u) { diff --git a/src/core/ngx_inet.h b/src/core/ngx_inet.h index 422aabec4..531d2640c 100644 --- a/src/core/ngx_inet.h +++ b/src/core/ngx_inet.h @@ -115,6 +115,8 @@ size_t ngx_inet_ntop(int family, void *addr, u_char *text, size_t len); ngx_int_t ngx_ptocidr(ngx_str_t *text, ngx_cidr_t *cidr); ngx_int_t ngx_parse_addr(ngx_pool_t *pool, ngx_addr_t *addr, u_char *text, size_t len); +ngx_int_t ngx_parse_addr_port(ngx_pool_t *pool, ngx_addr_t *addr, + u_char *text, size_t len); ngx_int_t ngx_parse_url(ngx_pool_t *pool, ngx_url_t *u); ngx_int_t ngx_inet_resolve_host(ngx_pool_t *pool, ngx_url_t *u); ngx_int_t ngx_cmp_sockaddr(struct sockaddr *sa1, socklen_t slen1, diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index f22448464..76917bbb0 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -2910,7 +2910,9 @@ ngx_http_get_forwarded_addr_internal(ngx_http_request_t *r, ngx_addr_t *addr, } } - if (ngx_parse_addr(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) { + if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff)) + != NGX_OK) + { return NGX_DECLINED; }