mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-11 20:53:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Core: moved PROXY protocol fields out of ngx_connection_t.

Browse Source 
Now a new structure ngx_proxy_protocol_t holds these fields.  This allows
to add more PROXY protocol fields in the future without modifying the
connection structure.
This commit is contained in:
Roman Arutyunyan 2019-10-21 18:06:19 +03:00
parent 0098761cb8
commit be932e81a1
8 changed files with 89 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/core/ngx_connection.h
View File

@ -147,8 +147,7 @@ struct ngx_connection_s {
socklen_t socklen; socklen_t socklen;
ngx_str_t addr_text; ngx_str_t addr_text;
ngx_str_t proxy_protocol_addr; ngx_proxy_protocol_t *proxy_protocol;
in_port_t proxy_protocol_port;
#if (NGX_SSL || NGX_COMPAT) #if (NGX_SSL || NGX_COMPAT)
ngx_ssl_connection_t *ssl; ngx_ssl_connection_t *ssl;

1
src/core/ngx_core.h
View File

@ -26,6 +26,7 @@ typedef struct ngx_event_aio_s ngx_event_aio_t;
typedef struct ngx_connection_s ngx_connection_t; typedef struct ngx_connection_s ngx_connection_t;
typedef struct ngx_thread_task_s ngx_thread_task_t; typedef struct ngx_thread_task_s ngx_thread_task_t;
typedef struct ngx_ssl_s ngx_ssl_t; typedef struct ngx_ssl_s ngx_ssl_t;
typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t; typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
typedef struct ngx_udp_connection_s ngx_udp_connection_t; typedef struct ngx_udp_connection_s ngx_udp_connection_t;

57
src/core/ngx_proxy_protocol.c
View File

@ -47,9 +47,10 @@ static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
u_char * u_char *
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
{ {
size_t len; size_t len;
u_char ch, *p, *addr, *port; u_char ch, *p, *addr, *port;
ngx_int_t n; ngx_int_t n;
ngx_proxy_protocol_t *pp;
static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
@ -105,15 +106,20 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
} }
} }
len = p - addr - 1; pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); if (pp == NULL) {
if (c->proxy_protocol_addr.data == NULL) {
return NULL; return NULL;
} }
ngx_memcpy(c->proxy_protocol_addr.data, addr, len); len = p - addr - 1;
c->proxy_protocol_addr.len = len;
pp->src_addr.data = ngx_pnalloc(c->pool, len);
if (pp->src_addr.data == NULL) {
return NULL;
}
ngx_memcpy(pp->src_addr.data, addr, len);
pp->src_addr.len = len;
for ( ;; ) { for ( ;; ) {
if (p == last) { if (p == last) {
@ -145,11 +151,13 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
goto invalid; goto invalid;
} }
c->proxy_protocol_port = (in_port_t) n; pp->src_port = (in_port_t) n;
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
"PROXY protocol address: %V %d", &c->proxy_protocol_addr, "PROXY protocol address: %V %d", &pp->src_addr,
c->proxy_protocol_port); pp->src_port);
c->proxy_protocol = pp;
skip: skip:
@ -220,6 +228,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
socklen_t socklen; socklen_t socklen;
ngx_uint_t version, command, family, transport; ngx_uint_t version, command, family, transport;
ngx_sockaddr_t sockaddr; ngx_sockaddr_t sockaddr;
ngx_proxy_protocol_t *pp;
ngx_proxy_protocol_header_t *header; ngx_proxy_protocol_header_t *header;
ngx_proxy_protocol_inet_addrs_t *in; ngx_proxy_protocol_inet_addrs_t *in;
#if (NGX_HAVE_INET6) #if (NGX_HAVE_INET6)
@ -266,6 +275,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
return end; return end;
} }
pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
if (pp == NULL) {
return NULL;
}
family = header->family_transport >> 4; family = header->family_transport >> 4;
switch (family) { switch (family) {
@ -282,7 +296,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
sockaddr.sockaddr_in.sin_port = 0; sockaddr.sockaddr_in.sin_port = 0;
memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port); pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
socklen = sizeof(struct sockaddr_in); socklen = sizeof(struct sockaddr_in);
@ -304,7 +318,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
sockaddr.sockaddr_in6.sin6_port = 0; sockaddr.sockaddr_in6.sin6_port = 0;
memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port); pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
socklen = sizeof(struct sockaddr_in6); socklen = sizeof(struct sockaddr_in6);
@ -321,23 +335,24 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
return end; return end;
} }
c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
if (c->proxy_protocol_addr.data == NULL) { if (pp->src_addr.data == NULL) {
return NULL; return NULL;
} }
c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
c->proxy_protocol_addr.data, pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0);
NGX_SOCKADDR_STRLEN, 0);
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
"PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr, "PROXY protocol v2 address: %V %d", &pp->src_addr,
c->proxy_protocol_port); pp->src_port);
if (buf < end) { if (buf < end) {
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
"PROXY protocol v2 %z bytes of tlv ignored", end - buf); "PROXY protocol v2 %z bytes of tlv ignored", end - buf);
} }
c->proxy_protocol = pp;
return end; return end;
} }

6
src/core/ngx_proxy_protocol.h
View File

@ -16,6 +16,12 @@
#define NGX_PROXY_PROTOCOL_MAX_HEADER 107 #define NGX_PROXY_PROTOCOL_MAX_HEADER 107
struct ngx_proxy_protocol_s {
ngx_str_t src_addr;
in_port_t src_port;
};
u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
u_char *last); u_char *last);
u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,

7
src/http/modules/ngx_http_realip_module.c
View File

@ -180,12 +180,11 @@ ngx_http_realip_handler(ngx_http_request_t *r)
case NGX_HTTP_REALIP_PROXY: case NGX_HTTP_REALIP_PROXY:
value = &r->connection->proxy_protocol_addr; if (r->connection->proxy_protocol == NULL) {
if (value->len == 0) {
return NGX_DECLINED; return NGX_DECLINED;
} }
value = &r->connection->proxy_protocol->src_addr;
xfwd = NULL; xfwd = NULL;
break; break;
@ -238,7 +237,7 @@ found:
!= NGX_DECLINED) != NGX_DECLINED)
{ {
if (rlcf->type == NGX_HTTP_REALIP_PROXY) { if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port); ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
} }
return ngx_http_realip_set_addr(r, &addr); return ngx_http_realip_set_addr(r, &addr);

23
src/http/ngx_http_variables.c
View File

@ -1293,11 +1293,19 @@ static ngx_int_t
ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r, ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data) ngx_http_variable_value_t *v, uintptr_t data)
{ {
v->len = r->connection->proxy_protocol_addr.len; ngx_proxy_protocol_t *pp;
pp = r->connection->proxy_protocol;
if (pp == NULL) {
v->not_found = 1;
return NGX_OK;
}
v->len = pp->src_addr.len;
v->valid = 1; v->valid = 1;
v->no_cacheable = 0; v->no_cacheable = 0;
v->not_found = 0; v->not_found = 0;
v->data = r->connection->proxy_protocol_addr.data; v->data = pp->src_addr.data;
return NGX_OK; return NGX_OK;
} }
@ -1307,7 +1315,14 @@ static ngx_int_t
ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r, ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data) ngx_http_variable_value_t *v, uintptr_t data)
{ {
ngx_uint_t port; ngx_uint_t port;
ngx_proxy_protocol_t *pp;
pp = r->connection->proxy_protocol;
if (pp == NULL) {
v->not_found = 1;
return NGX_OK;
}
v->len = 0; v->len = 0;
v->valid = 1; v->valid = 1;
@ -1319,7 +1334,7 @@ ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
return NGX_ERROR; return NGX_ERROR;
} }
port = r->connection->proxy_protocol_port; port = pp->src_port;
if (port > 0 && port < 65536) { if (port > 0 && port < 65536) {
v->len = ngx_sprintf(v->data, "%ui", port) - v->data; v->len = ngx_sprintf(v->data, "%ui", port) - v->data;

8
src/stream/ngx_stream_realip_module.c
View File

@ -108,7 +108,7 @@ ngx_stream_realip_handler(ngx_stream_session_t *s)
c = s->connection; c = s->connection;
if (c->proxy_protocol_addr.len == 0) { if (c->proxy_protocol == NULL) {
return NGX_DECLINED; return NGX_DECLINED;
} }
@ -116,14 +116,14 @@ ngx_stream_realip_handler(ngx_stream_session_t *s)
return NGX_DECLINED; return NGX_DECLINED;
} }
if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data, if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
c->proxy_protocol_addr.len) c->proxy_protocol->src_addr.len)
!= NGX_OK) != NGX_OK)
{ {
return NGX_DECLINED; return NGX_DECLINED;
} }
ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port); ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
return ngx_stream_realip_set_addr(s, &addr); return ngx_stream_realip_set_addr(s, &addr);
} }

23
src/stream/ngx_stream_variables.c
View File

@ -557,11 +557,19 @@ static ngx_int_t
ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s, ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data) ngx_stream_variable_value_t *v, uintptr_t data)
{ {
v->len = s->connection->proxy_protocol_addr.len; ngx_proxy_protocol_t *pp;
pp = s->connection->proxy_protocol;
if (pp == NULL) {
v->not_found = 1;
return NGX_OK;
}
v->len = pp->src_addr.len;
v->valid = 1; v->valid = 1;
v->no_cacheable = 0; v->no_cacheable = 0;
v->not_found = 0; v->not_found = 0;
v->data = s->connection->proxy_protocol_addr.data; v->data = pp->src_addr.data;
return NGX_OK; return NGX_OK;
} }
@ -571,7 +579,14 @@ static ngx_int_t
ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s, ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data) ngx_stream_variable_value_t *v, uintptr_t data)
{ {
ngx_uint_t port; ngx_uint_t port;
ngx_proxy_protocol_t *pp;
pp = s->connection->proxy_protocol;
if (pp == NULL) {
v->not_found = 1;
return NGX_OK;
}
v->len = 0; v->len = 0;
v->valid = 1; v->valid = 1;
@ -583,7 +598,7 @@ ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
return NGX_ERROR; return NGX_ERROR;
} }
port = s->connection->proxy_protocol_port; port = pp->src_port;
if (port > 0 && port < 65536) { if (port > 0 && port < 65536) {
v->len = ngx_sprintf(v->data, "%ui", port) - v->data; v->len = ngx_sprintf(v->data, "%ui", port) - v->data;