mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-08 02:02:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Realip: allow hostnames in set_real_ip_from (ticket #1180).

Browse Source
This commit is contained in:
Ruslan Ermilov 2017-05-15 17:17:01 +03:00
parent b313bc4bd3
commit a464d07f0a
2 changed files with 136 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
src/http/modules/ngx_http_realip_module.c
View File

@ -319,7 +319,13 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_int_t rc; ngx_int_t rc;
ngx_str_t *value; ngx_str_t *value;
ngx_cidr_t *cidr; ngx_url_t u;
ngx_cidr_t c, *cidr;
ngx_uint_t i;
struct sockaddr_in *sin;
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
#endif
value = cf->args->elts; value = cf->args->elts;
@ -331,31 +337,78 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
} }
} }
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
cidr = ngx_array_push(rlcf->from); cidr = ngx_array_push(rlcf->from);
if (cidr == NULL) { if (cidr == NULL) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
cidr->family = AF_UNIX; cidr->family = AF_UNIX;
return NGX_CONF_OK; return NGX_CONF_OK;
} }
#endif #endif
rc = ngx_ptocidr(&value[1], cidr); rc = ngx_ptocidr(&value[1], &c);
if (rc == NGX_ERROR) { if (rc != NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless",
&value[1]); &value[1]);
}
cidr = ngx_array_push(rlcf->from);
if (cidr == NULL) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (rc == NGX_DONE) { *cidr = c;
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]); return NGX_CONF_OK;
}
ngx_memzero(&u, sizeof(ngx_url_t));
u.host = value[1];
if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
if (u.err) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"%s in set_real_ip_from \"%V\"",
u.err, &u.host);
}
return NGX_CONF_ERROR;
}
cidr = ngx_array_push_n(rlcf->from, u.naddrs);
if (cidr == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t));
for (i = 0; i < u.naddrs; i++) {
cidr[i].family = u.addrs[i].sockaddr->sa_family;
switch (cidr[i].family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr;
cidr[i].u.in6.addr = sin6->sin6_addr;
ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16);
break;
#endif
default: /* AF_INET */
sin = (struct sockaddr_in *) u.addrs[i].sockaddr;
cidr[i].u.in.addr = sin->sin_addr.s_addr;
cidr[i].u.in.mask = 0xffffffff;
break;
}
} }
return NGX_CONF_OK; return NGX_CONF_OK;

73
src/stream/ngx_stream_realip_module.c
View File

@ -180,7 +180,13 @@ ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_int_t rc; ngx_int_t rc;
ngx_str_t *value; ngx_str_t *value;
ngx_cidr_t *cidr; ngx_url_t u;
ngx_cidr_t c, *cidr;
ngx_uint_t i;
struct sockaddr_in *sin;
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
#endif
value = cf->args->elts; value = cf->args->elts;
@ -192,31 +198,78 @@ ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
} }
} }
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
cidr = ngx_array_push(rscf->from); cidr = ngx_array_push(rscf->from);
if (cidr == NULL) { if (cidr == NULL) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
cidr->family = AF_UNIX; cidr->family = AF_UNIX;
return NGX_CONF_OK; return NGX_CONF_OK;
} }
#endif #endif
rc = ngx_ptocidr(&value[1], cidr); rc = ngx_ptocidr(&value[1], &c);
if (rc == NGX_ERROR) { if (rc != NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless",
&value[1]); &value[1]);
}
cidr = ngx_array_push(rscf->from);
if (cidr == NULL) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (rc == NGX_DONE) { *cidr = c;
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]); return NGX_CONF_OK;
}
ngx_memzero(&u, sizeof(ngx_url_t));
u.host = value[1];
if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
if (u.err) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"%s in set_real_ip_from \"%V\"",
u.err, &u.host);
}
return NGX_CONF_ERROR;
}
cidr = ngx_array_push_n(rscf->from, u.naddrs);
if (cidr == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t));
for (i = 0; i < u.naddrs; i++) {
cidr[i].family = u.addrs[i].sockaddr->sa_family;
switch (cidr[i].family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr;
cidr[i].u.in6.addr = sin6->sin6_addr;
ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16);
break;
#endif
default: /* AF_INET */
sin = (struct sockaddr_in *) u.addrs[i].sockaddr;
cidr[i].u.in.addr = sin->sin_addr.s_addr;
cidr[i].u.in.mask = 0xffffffff;
break;
}
} }
return NGX_CONF_OK; return NGX_CONF_OK;