Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 5605:3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Client address specified in the PROXY protocol header is now
saved in the $proxy_protocol_addr variable and can be used in
the realip module.
This is currently not implemented for mail.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Mon, 17 Mar 2014 17:41:24 +0400 |
parents | 188481078faf |
children | e0aa54a4357e |
comparison
equal
deleted
inserted
replaced
5604:22d485944c20 | 5605:3a72b1805c52 |
---|---|
341 rev->handler = ngx_http_ssl_handshake; | 341 rev->handler = ngx_http_ssl_handshake; |
342 } | 342 } |
343 } | 343 } |
344 #endif | 344 #endif |
345 | 345 |
346 if (hc->addr_conf->proxy_protocol) { | |
347 hc->proxy_protocol = 1; | |
348 c->log->action = "reading PROXY protocol"; | |
349 } | |
350 | |
346 if (rev->ready) { | 351 if (rev->ready) { |
347 /* the deferred accept(), rtsig, aio, iocp */ | 352 /* the deferred accept(), rtsig, aio, iocp */ |
348 | 353 |
349 if (ngx_use_accept_mutex) { | 354 if (ngx_use_accept_mutex) { |
350 ngx_post_event(rev, &ngx_posted_events); | 355 ngx_post_event(rev, &ngx_posted_events); |
366 | 371 |
367 | 372 |
368 static void | 373 static void |
369 ngx_http_wait_request_handler(ngx_event_t *rev) | 374 ngx_http_wait_request_handler(ngx_event_t *rev) |
370 { | 375 { |
376 u_char *p; | |
371 size_t size; | 377 size_t size; |
372 ssize_t n; | 378 ssize_t n; |
373 ngx_buf_t *b; | 379 ngx_buf_t *b; |
374 ngx_connection_t *c; | 380 ngx_connection_t *c; |
375 ngx_http_connection_t *hc; | 381 ngx_http_connection_t *hc; |
455 ngx_http_close_connection(c); | 461 ngx_http_close_connection(c); |
456 return; | 462 return; |
457 } | 463 } |
458 | 464 |
459 b->last += n; | 465 b->last += n; |
466 | |
467 if (hc->proxy_protocol) { | |
468 hc->proxy_protocol = 0; | |
469 | |
470 p = ngx_proxy_protocol_parse(c, b->pos, b->last); | |
471 | |
472 if (p == NULL) { | |
473 ngx_http_close_connection(c); | |
474 return; | |
475 } | |
476 | |
477 b->pos = p; | |
478 | |
479 if (b->pos == b->last) { | |
480 c->log->action = "waiting for request"; | |
481 b->pos = b->start; | |
482 b->last = b->start; | |
483 ngx_post_event(rev, &ngx_posted_events); | |
484 return; | |
485 } | |
486 } | |
460 | 487 |
461 c->log->action = "reading client request line"; | 488 c->log->action = "reading client request line"; |
462 | 489 |
463 ngx_reusable_connection(c, 0); | 490 ngx_reusable_connection(c, 0); |
464 | 491 |
587 #if (NGX_HTTP_SSL) | 614 #if (NGX_HTTP_SSL) |
588 | 615 |
589 static void | 616 static void |
590 ngx_http_ssl_handshake(ngx_event_t *rev) | 617 ngx_http_ssl_handshake(ngx_event_t *rev) |
591 { | 618 { |
592 u_char buf[1]; | 619 u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1]; |
620 size_t size; | |
593 ssize_t n; | 621 ssize_t n; |
594 ngx_err_t err; | 622 ngx_err_t err; |
595 ngx_int_t rc; | 623 ngx_int_t rc; |
596 ngx_connection_t *c; | 624 ngx_connection_t *c; |
597 ngx_http_connection_t *hc; | 625 ngx_http_connection_t *hc; |
598 ngx_http_ssl_srv_conf_t *sscf; | 626 ngx_http_ssl_srv_conf_t *sscf; |
599 | 627 |
600 c = rev->data; | 628 c = rev->data; |
629 hc = c->data; | |
601 | 630 |
602 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 631 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
603 "http check ssl handshake"); | 632 "http check ssl handshake"); |
604 | 633 |
605 if (rev->timedout) { | 634 if (rev->timedout) { |
611 if (c->close) { | 640 if (c->close) { |
612 ngx_http_close_connection(c); | 641 ngx_http_close_connection(c); |
613 return; | 642 return; |
614 } | 643 } |
615 | 644 |
616 n = recv(c->fd, (char *) buf, 1, MSG_PEEK); | 645 size = hc->proxy_protocol ? sizeof(buf) : 1; |
646 | |
647 n = recv(c->fd, (char *) buf, size, MSG_PEEK); | |
617 | 648 |
618 err = ngx_socket_errno; | 649 err = ngx_socket_errno; |
619 | 650 |
620 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, "http recv(): %d", n); | 651 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, "http recv(): %d", n); |
621 | 652 |
636 | 667 |
637 ngx_connection_error(c, err, "recv() failed"); | 668 ngx_connection_error(c, err, "recv() failed"); |
638 ngx_http_close_connection(c); | 669 ngx_http_close_connection(c); |
639 | 670 |
640 return; | 671 return; |
672 } | |
673 | |
674 if (hc->proxy_protocol) { | |
675 hc->proxy_protocol = 0; | |
676 | |
677 p = ngx_proxy_protocol_parse(c, buf, buf + n); | |
678 | |
679 if (p == NULL) { | |
680 ngx_http_close_connection(c); | |
681 return; | |
682 } | |
683 | |
684 size = p - buf; | |
685 | |
686 if (c->recv(c, buf, size) != (ssize_t) size) { | |
687 ngx_http_close_connection(c); | |
688 return; | |
689 } | |
690 | |
691 c->log->action = "SSL handshaking"; | |
692 | |
693 if (n == (ssize_t) size) { | |
694 ngx_post_event(rev, &ngx_posted_events); | |
695 return; | |
696 } | |
697 | |
698 n = 1; | |
699 buf[0] = *p; | |
641 } | 700 } |
642 | 701 |
643 if (n == 1) { | 702 if (n == 1) { |
644 if (buf[0] & 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { | 703 if (buf[0] & 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { |
645 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 704 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
646 "https ssl handshake: 0x%02Xd", buf[0]); | 705 "https ssl handshake: 0x%02Xd", buf[0]); |
647 | 706 |
648 hc = c->data; | |
649 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, | 707 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, |
650 ngx_http_ssl_module); | 708 ngx_http_ssl_module); |
651 | 709 |
652 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) | 710 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) |
653 != NGX_OK) | 711 != NGX_OK) |