From 72d4e5d7930a07a8753640061bbe9210c6a1f890 Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Mon, 20 Jun 2016 10:41:17 +0300 Subject: [PATCH] Set IP_BIND_ADDRESS_NO_PORT socket option for upstream sockets. --- auto/unix | 13 +++++++++++++ src/event/ngx_event_connect.c | 26 ++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/auto/unix b/auto/unix index e6396ef2a..f83173b8b 100755 --- a/auto/unix +++ b/auto/unix @@ -341,6 +341,19 @@ ngx_feature_test="setsockopt(0, SOL_SOCKET, SO_BINDANY, NULL, 0)" . auto/feature +# Linux IP_BIND_ADDRESS_NO_PORT + +ngx_feature="IP_BIND_ADDRESS_NO_PORT" +ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT" +ngx_feature_run=no +ngx_feature_incs="#include + #include " +ngx_feature_path= +ngx_feature_libs= +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)" +. auto/feature + + # Linux transparent proxying ngx_feature="IP_TRANSPARENT" diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c index 5de991e07..9a8f4d931 100644 --- a/src/event/ngx_event_connect.c +++ b/src/event/ngx_event_connect.c @@ -87,6 +87,32 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) } #endif +#if (NGX_HAVE_IP_BIND_ADDRESS_NO_PORT) + + if (pc->sockaddr->sa_family != AF_UNIX) { + static int bind_address_no_port = 1; + + if (bind_address_no_port) { + if (setsockopt(s, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, + (const void *) &bind_address_no_port, + sizeof(int)) == -1) + { + err = ngx_socket_errno; + + if (err != NGX_EOPNOTSUPP && err != NGX_ENOPROTOOPT) { + ngx_log_error(NGX_LOG_ALERT, pc->log, err, + "setsockopt(IP_BIND_ADDRESS_NO_PORT) " + "failed, ignored"); + + } else { + bind_address_no_port = 0; + } + } + } + } + +#endif + if (bind(s, pc->local->sockaddr, pc->local->socklen) == -1) { ngx_log_error(NGX_LOG_CRIT, pc->log, ngx_socket_errno, "bind(%V) failed", &pc->local->name);