Mercurial > hg > nginx-quic
view src/core/ngx_resolver.h @ 4162:fb1375e8b68c stable-1.0
Merging r4036, r4055, r4056, r4057, r4058, r4059, r4060, r4061, r4062, r4063,
r4064:
Ranges related fixes:
The "max_ranges" directive.
"max_ranges 0" disables ranges support at all,
"max_ranges 1" allows the single range, etc.
By default number of ranges is unlimited, to be precise, 2^31-1.
If client requests more ranges than "max_ranges" permits,
nginx disables ranges and returns just the source response.
If total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
Now unsatisfiable ranges are processed according to RFC 2616.
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Fri, 30 Sep 2011 14:06:08 +0000 |
| parents | 71193a456616 |
| children | 016352c19049 4919fb357a5d |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev */ #include <ngx_config.h> #include <ngx_core.h> #ifndef _NGX_RESOLVER_H_INCLUDED_ #define _NGX_RESOLVER_H_INCLUDED_ #define NGX_RESOLVE_A 1 #define NGX_RESOLVE_CNAME 5 #define NGX_RESOLVE_PTR 12 #define NGX_RESOLVE_MX 15 #define NGX_RESOLVE_TXT 16 #define NGX_RESOLVE_DNAME 39 #define NGX_RESOLVE_FORMERR 1 #define NGX_RESOLVE_SERVFAIL 2 #define NGX_RESOLVE_NXDOMAIN 3 #define NGX_RESOLVE_NOTIMP 4 #define NGX_RESOLVE_REFUSED 5 #define NGX_RESOLVE_TIMEDOUT NGX_ETIMEDOUT #define NGX_NO_RESOLVER (void *) -1 #define NGX_RESOLVER_MAX_RECURSION 50 typedef struct { ngx_connection_t *connection; struct sockaddr *sockaddr; socklen_t socklen; ngx_str_t server; ngx_log_t log; } ngx_udp_connection_t; typedef struct ngx_resolver_ctx_s ngx_resolver_ctx_t; typedef void (*ngx_resolver_handler_pt)(ngx_resolver_ctx_t *ctx); typedef struct { ngx_rbtree_node_t node; ngx_queue_t queue; /* PTR: resolved name, A: name to resolve */ u_char *name; u_short nlen; u_short qlen; u_char *query; union { in_addr_t addr; in_addr_t *addrs; u_char *cname; } u; u_short naddrs; u_short cnlen; time_t expire; time_t valid; ngx_resolver_ctx_t *waiting; } ngx_resolver_node_t; typedef struct { /* has to be pointer because of "incomplete type" */ ngx_event_t *event; /* TODO: DNS peers balancer */ /* STUB */ ngx_udp_connection_t *udp_connection; ngx_log_t *log; /* ident must be after 3 pointers */ ngx_int_t ident; ngx_rbtree_t name_rbtree; ngx_rbtree_node_t name_sentinel; ngx_rbtree_t addr_rbtree; ngx_rbtree_node_t addr_sentinel; ngx_queue_t name_resend_queue; ngx_queue_t addr_resend_queue; ngx_queue_t name_expire_queue; ngx_queue_t addr_expire_queue; time_t resend_timeout; time_t expire; time_t valid; ngx_uint_t log_level; } ngx_resolver_t; struct ngx_resolver_ctx_s { ngx_resolver_ctx_t *next; ngx_resolver_t *resolver; ngx_udp_connection_t *udp_connection; /* ident must be after 3 pointers */ ngx_int_t ident; ngx_int_t state; ngx_int_t type; ngx_str_t name; ngx_uint_t naddrs; in_addr_t *addrs; in_addr_t addr; /* TODO: DNS peers balancer ctx */ ngx_resolver_handler_pt handler; void *data; ngx_msec_t timeout; ngx_uint_t quick; /* unsigned quick:1; */ ngx_uint_t recursion; ngx_event_t *event; }; ngx_resolver_t *ngx_resolver_create(ngx_conf_t *cf, ngx_addr_t *addr); ngx_resolver_ctx_t *ngx_resolve_start(ngx_resolver_t *r, ngx_resolver_ctx_t *temp); ngx_int_t ngx_resolve_name(ngx_resolver_ctx_t *ctx); void ngx_resolve_name_done(ngx_resolver_ctx_t *ctx); ngx_int_t ngx_resolve_addr(ngx_resolver_ctx_t *ctx); void ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx); char *ngx_resolver_strerror(ngx_int_t err); #endif /* _NGX_RESOLVER_H_INCLUDED_ */