mirror of
https://github.com/nginx/nginx.git
synced 2025-01-21 03:33:00 +08:00
Core: moved PROXY protocol fields out of ngx_connection_t.
Now a new structure ngx_proxy_protocol_t holds these fields. This allows to add more PROXY protocol fields in the future without modifying the connection structure.
This commit is contained in:
parent
0098761cb8
commit
be932e81a1
@ -147,8 +147,7 @@ struct ngx_connection_s {
|
||||
socklen_t socklen;
|
||||
ngx_str_t addr_text;
|
||||
|
||||
ngx_str_t proxy_protocol_addr;
|
||||
in_port_t proxy_protocol_port;
|
||||
ngx_proxy_protocol_t *proxy_protocol;
|
||||
|
||||
#if (NGX_SSL || NGX_COMPAT)
|
||||
ngx_ssl_connection_t *ssl;
|
||||
|
@ -26,6 +26,7 @@ typedef struct ngx_event_aio_s ngx_event_aio_t;
|
||||
typedef struct ngx_connection_s ngx_connection_t;
|
||||
typedef struct ngx_thread_task_s ngx_thread_task_t;
|
||||
typedef struct ngx_ssl_s ngx_ssl_t;
|
||||
typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
|
||||
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
|
||||
typedef struct ngx_udp_connection_s ngx_udp_connection_t;
|
||||
|
||||
|
@ -47,9 +47,10 @@ static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
|
||||
u_char *
|
||||
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
{
|
||||
size_t len;
|
||||
u_char ch, *p, *addr, *port;
|
||||
ngx_int_t n;
|
||||
size_t len;
|
||||
u_char ch, *p, *addr, *port;
|
||||
ngx_int_t n;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
|
||||
static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
|
||||
|
||||
@ -105,15 +106,20 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
}
|
||||
}
|
||||
|
||||
len = p - addr - 1;
|
||||
c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len);
|
||||
|
||||
if (c->proxy_protocol_addr.data == NULL) {
|
||||
pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
|
||||
if (pp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memcpy(c->proxy_protocol_addr.data, addr, len);
|
||||
c->proxy_protocol_addr.len = len;
|
||||
len = p - addr - 1;
|
||||
|
||||
pp->src_addr.data = ngx_pnalloc(c->pool, len);
|
||||
if (pp->src_addr.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memcpy(pp->src_addr.data, addr, len);
|
||||
pp->src_addr.len = len;
|
||||
|
||||
for ( ;; ) {
|
||||
if (p == last) {
|
||||
@ -145,11 +151,13 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
c->proxy_protocol_port = (in_port_t) n;
|
||||
pp->src_port = (in_port_t) n;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol address: %V %d", &c->proxy_protocol_addr,
|
||||
c->proxy_protocol_port);
|
||||
"PROXY protocol address: %V %d", &pp->src_addr,
|
||||
pp->src_port);
|
||||
|
||||
c->proxy_protocol = pp;
|
||||
|
||||
skip:
|
||||
|
||||
@ -220,6 +228,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
socklen_t socklen;
|
||||
ngx_uint_t version, command, family, transport;
|
||||
ngx_sockaddr_t sockaddr;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
ngx_proxy_protocol_header_t *header;
|
||||
ngx_proxy_protocol_inet_addrs_t *in;
|
||||
#if (NGX_HAVE_INET6)
|
||||
@ -266,6 +275,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
return end;
|
||||
}
|
||||
|
||||
pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
|
||||
if (pp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
family = header->family_transport >> 4;
|
||||
|
||||
switch (family) {
|
||||
@ -282,7 +296,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
sockaddr.sockaddr_in.sin_port = 0;
|
||||
memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
|
||||
|
||||
c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port);
|
||||
pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
|
||||
|
||||
socklen = sizeof(struct sockaddr_in);
|
||||
|
||||
@ -304,7 +318,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
sockaddr.sockaddr_in6.sin6_port = 0;
|
||||
memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
|
||||
|
||||
c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
|
||||
pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
|
||||
|
||||
socklen = sizeof(struct sockaddr_in6);
|
||||
|
||||
@ -321,23 +335,24 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
return end;
|
||||
}
|
||||
|
||||
c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
|
||||
if (c->proxy_protocol_addr.data == NULL) {
|
||||
pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
|
||||
if (pp->src_addr.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
|
||||
c->proxy_protocol_addr.data,
|
||||
NGX_SOCKADDR_STRLEN, 0);
|
||||
pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
|
||||
pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
|
||||
c->proxy_protocol_port);
|
||||
"PROXY protocol v2 address: %V %d", &pp->src_addr,
|
||||
pp->src_port);
|
||||
|
||||
if (buf < end) {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 %z bytes of tlv ignored", end - buf);
|
||||
}
|
||||
|
||||
c->proxy_protocol = pp;
|
||||
|
||||
return end;
|
||||
}
|
||||
|
@ -16,6 +16,12 @@
|
||||
#define NGX_PROXY_PROTOCOL_MAX_HEADER 107
|
||||
|
||||
|
||||
struct ngx_proxy_protocol_s {
|
||||
ngx_str_t src_addr;
|
||||
in_port_t src_port;
|
||||
};
|
||||
|
||||
|
||||
u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
|
||||
u_char *last);
|
||||
u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,
|
||||
|
@ -180,12 +180,11 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
||||
|
||||
case NGX_HTTP_REALIP_PROXY:
|
||||
|
||||
value = &r->connection->proxy_protocol_addr;
|
||||
|
||||
if (value->len == 0) {
|
||||
if (r->connection->proxy_protocol == NULL) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
value = &r->connection->proxy_protocol->src_addr;
|
||||
xfwd = NULL;
|
||||
|
||||
break;
|
||||
@ -238,7 +237,7 @@ found:
|
||||
!= NGX_DECLINED)
|
||||
{
|
||||
if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
|
||||
ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
|
||||
ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
|
||||
}
|
||||
|
||||
return ngx_http_realip_set_addr(r, &addr);
|
||||
|
@ -1293,11 +1293,19 @@ static ngx_int_t
|
||||
ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r,
|
||||
ngx_http_variable_value_t *v, uintptr_t data)
|
||||
{
|
||||
v->len = r->connection->proxy_protocol_addr.len;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
|
||||
pp = r->connection->proxy_protocol;
|
||||
if (pp == NULL) {
|
||||
v->not_found = 1;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
v->len = pp->src_addr.len;
|
||||
v->valid = 1;
|
||||
v->no_cacheable = 0;
|
||||
v->not_found = 0;
|
||||
v->data = r->connection->proxy_protocol_addr.data;
|
||||
v->data = pp->src_addr.data;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
@ -1307,7 +1315,14 @@ static ngx_int_t
|
||||
ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
|
||||
ngx_http_variable_value_t *v, uintptr_t data)
|
||||
{
|
||||
ngx_uint_t port;
|
||||
ngx_uint_t port;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
|
||||
pp = r->connection->proxy_protocol;
|
||||
if (pp == NULL) {
|
||||
v->not_found = 1;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
v->len = 0;
|
||||
v->valid = 1;
|
||||
@ -1319,7 +1334,7 @@ ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
port = r->connection->proxy_protocol_port;
|
||||
port = pp->src_port;
|
||||
|
||||
if (port > 0 && port < 65536) {
|
||||
v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
|
||||
|
@ -108,7 +108,7 @@ ngx_stream_realip_handler(ngx_stream_session_t *s)
|
||||
|
||||
c = s->connection;
|
||||
|
||||
if (c->proxy_protocol_addr.len == 0) {
|
||||
if (c->proxy_protocol == NULL) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
@ -116,14 +116,14 @@ ngx_stream_realip_handler(ngx_stream_session_t *s)
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data,
|
||||
c->proxy_protocol_addr.len)
|
||||
if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
|
||||
c->proxy_protocol->src_addr.len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
|
||||
ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
|
||||
|
||||
return ngx_stream_realip_set_addr(s, &addr);
|
||||
}
|
||||
|
@ -557,11 +557,19 @@ static ngx_int_t
|
||||
ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s,
|
||||
ngx_stream_variable_value_t *v, uintptr_t data)
|
||||
{
|
||||
v->len = s->connection->proxy_protocol_addr.len;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
|
||||
pp = s->connection->proxy_protocol;
|
||||
if (pp == NULL) {
|
||||
v->not_found = 1;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
v->len = pp->src_addr.len;
|
||||
v->valid = 1;
|
||||
v->no_cacheable = 0;
|
||||
v->not_found = 0;
|
||||
v->data = s->connection->proxy_protocol_addr.data;
|
||||
v->data = pp->src_addr.data;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
@ -571,7 +579,14 @@ static ngx_int_t
|
||||
ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
|
||||
ngx_stream_variable_value_t *v, uintptr_t data)
|
||||
{
|
||||
ngx_uint_t port;
|
||||
ngx_uint_t port;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
|
||||
pp = s->connection->proxy_protocol;
|
||||
if (pp == NULL) {
|
||||
v->not_found = 1;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
v->len = 0;
|
||||
v->valid = 1;
|
||||
@ -583,7 +598,7 @@ ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
port = s->connection->proxy_protocol_port;
|
||||
port = pp->src_port;
|
||||
|
||||
if (port > 0 && port < 65536) {
|
||||
v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
|
||||
|
Loading…
Reference in New Issue
Block a user