Mercurial > hg > nginx-quic
annotate src/core/ngx_proxy_protocol.c @ 7293:d588987701f4
HTTP/2: validate client request scheme.
The scheme is validated as per RFC 3986, Section 3.1.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 07 Jun 2018 11:47:10 +0300 |
parents | 1fd992589ffe |
children | 06b01840bd42 |
rev | line source |
---|---|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
12 #define NGX_PROXY_PROTOCOL_AF_INET 1 |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
13 #define NGX_PROXY_PROTOCOL_AF_INET6 2 |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
14 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
15 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
16 #define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1]) |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
17 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
18 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
19 typedef struct { |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
20 u_char signature[12]; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
21 u_char version_command; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
22 u_char family_transport; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
23 u_char len[2]; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
24 } ngx_proxy_protocol_header_t; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
25 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
26 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
27 typedef struct { |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
28 u_char src_addr[4]; |
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
29 u_char dst_addr[4]; |
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
30 u_char src_port[2]; |
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
31 u_char dst_port[2]; |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
32 } ngx_proxy_protocol_inet_addrs_t; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
33 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
34 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
35 typedef struct { |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
36 u_char src_addr[16]; |
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
37 u_char dst_addr[16]; |
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
38 u_char src_port[2]; |
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
39 u_char dst_port[2]; |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
40 } ngx_proxy_protocol_inet6_addrs_t; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
41 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
42 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
43 static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
44 u_char *last); |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
45 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
46 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
47 u_char * |
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
48 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
49 { |
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
50 size_t len; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
51 u_char ch, *p, *addr, *port; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
52 ngx_int_t n; |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
53 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
54 static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
55 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
56 p = buf; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
57 len = last - buf; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
58 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
59 if (len >= sizeof(ngx_proxy_protocol_header_t) |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
60 && memcmp(p, signature, sizeof(signature) - 1) == 0) |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
61 { |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
62 return ngx_proxy_protocol_v2_read(c, buf, last); |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
63 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
64 |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
65 if (len < 8 || ngx_strncmp(p, "PROXY ", 6) != 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
66 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
67 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
68 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
69 p += 6; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
70 len -= 6; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
71 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
72 if (len >= 7 && ngx_strncmp(p, "UNKNOWN", 7) == 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
73 ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0, |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
74 "PROXY protocol unknown protocol"); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
75 p += 7; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
76 goto skip; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
77 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
78 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
79 if (len < 5 || ngx_strncmp(p, "TCP", 3) != 0 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
80 || (p[3] != '4' && p[3] != '6') || p[4] != ' ') |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
81 { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
82 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
83 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
84 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
85 p += 5; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
86 addr = p; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
87 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
88 for ( ;; ) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
89 if (p == last) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
90 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
91 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
92 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
93 ch = *p++; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
94 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
95 if (ch == ' ') { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
96 break; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
97 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
98 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
99 if (ch != ':' && ch != '.' |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
100 && (ch < 'a' || ch > 'f') |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
101 && (ch < 'A' || ch > 'F') |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
102 && (ch < '0' || ch > '9')) |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
103 { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
104 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
105 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
106 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
107 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
108 len = p - addr - 1; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
109 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
110 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
111 if (c->proxy_protocol_addr.data == NULL) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
112 return NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
113 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
114 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
115 ngx_memcpy(c->proxy_protocol_addr.data, addr, len); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
116 c->proxy_protocol_addr.len = len; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
117 |
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
118 for ( ;; ) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
119 if (p == last) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
120 goto invalid; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
121 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
122 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
123 if (*p++ == ' ') { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
124 break; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
125 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
126 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
127 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
128 port = p; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
129 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
130 for ( ;; ) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
131 if (p == last) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
132 goto invalid; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
133 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
134 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
135 if (*p++ == ' ') { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
136 break; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
137 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
138 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
139 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
140 len = p - port - 1; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
141 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
142 n = ngx_atoi(port, len); |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
143 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
144 if (n < 0 || n > 65535) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
145 goto invalid; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
146 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
147 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
148 c->proxy_protocol_port = (in_port_t) n; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
149 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
150 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
7252 | 151 "PROXY protocol address: %V %d", &c->proxy_protocol_addr, |
152 c->proxy_protocol_port); | |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
153 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
154 skip: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
155 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
156 for ( /* void */ ; p < last - 1; p++) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
157 if (p[0] == CR && p[1] == LF) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
158 return p + 2; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
159 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
160 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
161 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
162 invalid: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
163 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
164 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
165 "broken header: \"%*s\"", (size_t) (last - buf), buf); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
166 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
167 return NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
168 } |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
169 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
170 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
171 u_char * |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
172 ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
173 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
174 ngx_uint_t port, lport; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
175 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
176 if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
177 return NULL; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
178 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
179 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
180 if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
181 return NULL; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
182 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
183 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
184 switch (c->sockaddr->sa_family) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
185 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
186 case AF_INET: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
187 buf = ngx_cpymem(buf, "PROXY TCP4 ", sizeof("PROXY TCP4 ") - 1); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
188 break; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
189 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
190 #if (NGX_HAVE_INET6) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
191 case AF_INET6: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
192 buf = ngx_cpymem(buf, "PROXY TCP6 ", sizeof("PROXY TCP6 ") - 1); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
193 break; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
194 #endif |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
195 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
196 default: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
197 return ngx_cpymem(buf, "PROXY UNKNOWN" CRLF, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
198 sizeof("PROXY UNKNOWN" CRLF) - 1); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
199 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
200 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
201 buf += ngx_sock_ntop(c->sockaddr, c->socklen, buf, last - buf, 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
202 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
203 *buf++ = ' '; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
204 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
205 buf += ngx_sock_ntop(c->local_sockaddr, c->local_socklen, buf, last - buf, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
206 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
207 |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
208 port = ngx_inet_get_port(c->sockaddr); |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
209 lport = ngx_inet_get_port(c->local_sockaddr); |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
210 |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
211 return ngx_slprintf(buf, last, " %ui %ui" CRLF, port, lport); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
212 } |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
213 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
214 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
215 static u_char * |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
216 ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last) |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
217 { |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
218 u_char *end; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
219 size_t len; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
220 socklen_t socklen; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
221 ngx_uint_t version, command, family, transport; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
222 ngx_sockaddr_t sockaddr; |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
223 ngx_proxy_protocol_header_t *header; |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
224 ngx_proxy_protocol_inet_addrs_t *in; |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
225 #if (NGX_HAVE_INET6) |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
226 ngx_proxy_protocol_inet6_addrs_t *in6; |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
227 #endif |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
228 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
229 header = (ngx_proxy_protocol_header_t *) buf; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
230 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
231 buf += sizeof(ngx_proxy_protocol_header_t); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
232 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
233 version = header->version_command >> 4; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
234 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
235 if (version != 2) { |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
236 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
237 "unknown PROXY protocol version: %ui", version); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
238 return NULL; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
239 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
240 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
241 len = ngx_proxy_protocol_parse_uint16(header->len); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
242 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
243 if ((size_t) (last - buf) < len) { |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
244 ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large"); |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
245 return NULL; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
246 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
247 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
248 end = buf + len; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
249 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
250 command = header->version_command & 0x0f; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
251 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
252 /* only PROXY is supported */ |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
253 if (command != 1) { |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
254 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
255 "PROXY protocol v2 unsupported command %ui", command); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
256 return end; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
257 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
258 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
259 transport = header->family_transport & 0x0f; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
260 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
261 /* only STREAM is supported */ |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
262 if (transport != 1) { |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
263 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
264 "PROXY protocol v2 unsupported transport %ui", |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
265 transport); |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
266 return end; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
267 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
268 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
269 family = header->family_transport >> 4; |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
270 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
271 switch (family) { |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
272 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
273 case NGX_PROXY_PROTOCOL_AF_INET: |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
274 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
275 if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet_addrs_t)) { |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
276 return NULL; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
277 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
278 |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
279 in = (ngx_proxy_protocol_inet_addrs_t *) buf; |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
280 |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
281 sockaddr.sockaddr_in.sin_family = AF_INET; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
282 sockaddr.sockaddr_in.sin_port = 0; |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
283 memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
284 |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
285 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
286 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
287 socklen = sizeof(struct sockaddr_in); |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
288 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
289 buf += sizeof(ngx_proxy_protocol_inet_addrs_t); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
290 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
291 break; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
292 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
293 #if (NGX_HAVE_INET6) |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
294 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
295 case NGX_PROXY_PROTOCOL_AF_INET6: |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
296 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
297 if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet6_addrs_t)) { |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
298 return NULL; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
299 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
300 |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
301 in6 = (ngx_proxy_protocol_inet6_addrs_t *) buf; |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
302 |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
303 sockaddr.sockaddr_in6.sin6_family = AF_INET6; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
304 sockaddr.sockaddr_in6.sin6_port = 0; |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
305 memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
306 |
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
307 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
308 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
309 socklen = sizeof(struct sockaddr_in6); |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
310 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
311 buf += sizeof(ngx_proxy_protocol_inet6_addrs_t); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
312 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
313 break; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
314 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
315 #endif |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
316 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
317 default: |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
318 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
319 "PROXY protocol v2 unsupported address family %ui", |
7252 | 320 family); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
321 return end; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
322 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
323 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
324 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
325 if (c->proxy_protocol_addr.data == NULL) { |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
326 return NULL; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
327 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
328 |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
329 c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
330 c->proxy_protocol_addr.data, |
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
331 NGX_SOCKADDR_STRLEN, 0); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
332 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
333 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
334 "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr, |
7252 | 335 c->proxy_protocol_port); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
336 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
337 if (buf < end) { |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
338 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
339 "PROXY protocol v2 %z bytes of tlv ignored", end - buf); |
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
340 } |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
341 |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
342 return end; |
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
343 } |