34
|
1
|
|
2 /*
|
|
3 * Copyright (C) Igor Sysoev
|
660
|
4 * Copyright (C) Nginx, Inc.
|
34
|
5 */
|
|
6
|
|
7
|
|
8 #include <ngx_config.h>
|
|
9 #include <ngx_core.h>
|
|
10 #include <ngx_http.h>
|
|
11
|
|
12
|
|
13 typedef struct {
|
582
|
14 ngx_http_variable_value_t *value;
|
430
|
15 u_short start;
|
|
16 u_short end;
|
422
|
17 } ngx_http_geo_range_t;
|
|
18
|
|
19
|
|
20 typedef struct {
|
694
|
21 ngx_radix_tree_t *tree;
|
|
22 #if (NGX_HAVE_INET6)
|
|
23 ngx_radix_tree_t *tree6;
|
|
24 #endif
|
|
25 } ngx_http_geo_trees_t;
|
|
26
|
|
27
|
|
28 typedef struct {
|
582
|
29 ngx_http_geo_range_t **low;
|
430
|
30 ngx_http_variable_value_t *default_value;
|
422
|
31 } ngx_http_geo_high_ranges_t;
|
|
32
|
|
33
|
|
34 typedef struct {
|
582
|
35 ngx_str_node_t sn;
|
|
36 ngx_http_variable_value_t *value;
|
|
37 size_t offset;
|
|
38 } ngx_http_geo_variable_value_node_t;
|
|
39
|
|
40
|
|
41 typedef struct {
|
430
|
42 ngx_http_variable_value_t *value;
|
|
43 ngx_str_t *net;
|
582
|
44 ngx_http_geo_high_ranges_t high;
|
430
|
45 ngx_radix_tree_t *tree;
|
694
|
46 #if (NGX_HAVE_INET6)
|
|
47 ngx_radix_tree_t *tree6;
|
|
48 #endif
|
430
|
49 ngx_rbtree_t rbtree;
|
|
50 ngx_rbtree_node_t sentinel;
|
510
|
51 ngx_array_t *proxies;
|
430
|
52 ngx_pool_t *pool;
|
|
53 ngx_pool_t *temp_pool;
|
582
|
54
|
|
55 size_t data_size;
|
|
56
|
|
57 ngx_str_t include_name;
|
|
58 ngx_uint_t includes;
|
|
59 ngx_uint_t entries;
|
|
60
|
|
61 unsigned ranges:1;
|
|
62 unsigned outside_entries:1;
|
|
63 unsigned allow_binary_include:1;
|
|
64 unsigned binary_include:1;
|
674
|
65 unsigned proxy_recursive:1;
|
138
|
66 } ngx_http_geo_conf_ctx_t;
|
34
|
67
|
|
68
|
430
|
69 typedef struct {
|
|
70 union {
|
694
|
71 ngx_http_geo_trees_t trees;
|
582
|
72 ngx_http_geo_high_ranges_t high;
|
430
|
73 } u;
|
|
74
|
510
|
75 ngx_array_t *proxies;
|
674
|
76 unsigned proxy_recursive:1;
|
510
|
77
|
430
|
78 ngx_int_t index;
|
|
79 } ngx_http_geo_ctx_t;
|
|
80
|
|
81
|
694
|
82 static ngx_int_t ngx_http_geo_addr(ngx_http_request_t *r,
|
|
83 ngx_http_geo_ctx_t *ctx, ngx_addr_t *addr);
|
674
|
84 static ngx_int_t ngx_http_geo_real_addr(ngx_http_request_t *r,
|
|
85 ngx_http_geo_ctx_t *ctx, ngx_addr_t *addr);
|
34
|
86 static char *ngx_http_geo_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
|
|
87 static char *ngx_http_geo(ngx_conf_t *cf, ngx_command_t *dummy, void *conf);
|
422
|
88 static char *ngx_http_geo_range(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
89 ngx_str_t *value);
|
|
90 static char *ngx_http_geo_add_range(ngx_conf_t *cf,
|
|
91 ngx_http_geo_conf_ctx_t *ctx, in_addr_t start, in_addr_t end);
|
|
92 static ngx_uint_t ngx_http_geo_delete_range(ngx_conf_t *cf,
|
|
93 ngx_http_geo_conf_ctx_t *ctx, in_addr_t start, in_addr_t end);
|
|
94 static char *ngx_http_geo_cidr(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
95 ngx_str_t *value);
|
|
96 static ngx_http_variable_value_t *ngx_http_geo_value(ngx_conf_t *cf,
|
|
97 ngx_http_geo_conf_ctx_t *ctx, ngx_str_t *value);
|
510
|
98 static char *ngx_http_geo_add_proxy(ngx_conf_t *cf,
|
|
99 ngx_http_geo_conf_ctx_t *ctx, ngx_cidr_t *cidr);
|
|
100 static ngx_int_t ngx_http_geo_cidr_value(ngx_conf_t *cf, ngx_str_t *net,
|
|
101 ngx_cidr_t *cidr);
|
582
|
102 static char *ngx_http_geo_include(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
103 ngx_str_t *name);
|
|
104 static ngx_int_t ngx_http_geo_include_binary_base(ngx_conf_t *cf,
|
|
105 ngx_http_geo_conf_ctx_t *ctx, ngx_str_t *name);
|
|
106 static void ngx_http_geo_create_binary_base(ngx_http_geo_conf_ctx_t *ctx);
|
|
107 static u_char *ngx_http_geo_copy_values(u_char *base, u_char *p,
|
|
108 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
34
|
109
|
|
110
|
|
111 static ngx_command_t ngx_http_geo_commands[] = {
|
|
112
|
|
113 { ngx_string("geo"),
|
430
|
114 NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_TAKE12,
|
34
|
115 ngx_http_geo_block,
|
|
116 NGX_HTTP_MAIN_CONF_OFFSET,
|
|
117 0,
|
|
118 NULL },
|
|
119
|
|
120 ngx_null_command
|
|
121 };
|
|
122
|
|
123
|
|
124 static ngx_http_module_t ngx_http_geo_module_ctx = {
|
58
|
125 NULL, /* preconfiguration */
|
|
126 NULL, /* postconfiguration */
|
34
|
127
|
|
128 NULL, /* create main configuration */
|
|
129 NULL, /* init main configuration */
|
|
130
|
|
131 NULL, /* create server configuration */
|
|
132 NULL, /* merge server configuration */
|
|
133
|
|
134 NULL, /* create location configuration */
|
|
135 NULL /* merge location configuration */
|
|
136 };
|
|
137
|
|
138
|
|
139 ngx_module_t ngx_http_geo_module = {
|
58
|
140 NGX_MODULE_V1,
|
34
|
141 &ngx_http_geo_module_ctx, /* module context */
|
|
142 ngx_http_geo_commands, /* module directives */
|
|
143 NGX_HTTP_MODULE, /* module type */
|
90
|
144 NULL, /* init master */
|
34
|
145 NULL, /* init module */
|
90
|
146 NULL, /* init process */
|
|
147 NULL, /* init thread */
|
|
148 NULL, /* exit thread */
|
|
149 NULL, /* exit process */
|
|
150 NULL, /* exit master */
|
|
151 NGX_MODULE_V1_PADDING
|
34
|
152 };
|
|
153
|
|
154
|
582
|
155 typedef struct {
|
|
156 u_char GEORNG[6];
|
|
157 u_char version;
|
|
158 u_char ptr_size;
|
678
|
159 uint32_t endianness;
|
582
|
160 uint32_t crc32;
|
|
161 } ngx_http_geo_header_t;
|
|
162
|
|
163
|
|
164 static ngx_http_geo_header_t ngx_http_geo_header = {
|
|
165 { 'G', 'E', 'O', 'R', 'N', 'G' }, 0, sizeof(void *), 0x12345678, 0
|
|
166 };
|
|
167
|
|
168
|
694
|
169 /* geo range is AF_INET only */
|
34
|
170
|
122
|
171 static ngx_int_t
|
422
|
172 ngx_http_geo_cidr_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
|
122
|
173 uintptr_t data)
|
34
|
174 {
|
430
|
175 ngx_http_geo_ctx_t *ctx = (ngx_http_geo_ctx_t *) data;
|
34
|
176
|
694
|
177 in_addr_t inaddr;
|
|
178 ngx_addr_t addr;
|
|
179 struct sockaddr_in *sin;
|
122
|
180 ngx_http_variable_value_t *vv;
|
694
|
181 #if (NGX_HAVE_INET6)
|
|
182 u_char *p;
|
|
183 struct in6_addr *inaddr6;
|
|
184 #endif
|
|
185
|
|
186 if (ngx_http_geo_addr(r, ctx, &addr) != NGX_OK) {
|
|
187 vv = (ngx_http_variable_value_t *)
|
|
188 ngx_radix32tree_find(ctx->u.trees.tree, INADDR_NONE);
|
|
189 goto done;
|
|
190 }
|
|
191
|
|
192 switch (addr.sockaddr->sa_family) {
|
|
193
|
|
194 #if (NGX_HAVE_INET6)
|
|
195 case AF_INET6:
|
|
196 inaddr6 = &((struct sockaddr_in6 *) addr.sockaddr)->sin6_addr;
|
|
197 p = inaddr6->s6_addr;
|
34
|
198
|
694
|
199 if (IN6_IS_ADDR_V4MAPPED(inaddr6)) {
|
|
200 inaddr = p[12] << 24;
|
|
201 inaddr += p[13] << 16;
|
|
202 inaddr += p[14] << 8;
|
|
203 inaddr += p[15];
|
|
204
|
|
205 vv = (ngx_http_variable_value_t *)
|
|
206 ngx_radix32tree_find(ctx->u.trees.tree, inaddr);
|
|
207
|
|
208 } else {
|
|
209 vv = (ngx_http_variable_value_t *)
|
|
210 ngx_radix128tree_find(ctx->u.trees.tree6, p);
|
|
211 }
|
|
212
|
|
213 break;
|
|
214 #endif
|
|
215
|
|
216 default: /* AF_INET */
|
|
217 sin = (struct sockaddr_in *) addr.sockaddr;
|
|
218 inaddr = ntohl(sin->sin_addr.s_addr);
|
|
219
|
|
220 vv = (ngx_http_variable_value_t *)
|
|
221 ngx_radix32tree_find(ctx->u.trees.tree, inaddr);
|
|
222
|
|
223 break;
|
|
224 }
|
|
225
|
|
226 done:
|
38
|
227
|
122
|
228 *v = *vv;
|
|
229
|
430
|
230 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
|
231 "http geo: %v", v);
|
38
|
232
|
122
|
233 return NGX_OK;
|
34
|
234 }
|
|
235
|
|
236
|
422
|
237 static ngx_int_t
|
|
238 ngx_http_geo_range_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
|
|
239 uintptr_t data)
|
|
240 {
|
430
|
241 ngx_http_geo_ctx_t *ctx = (ngx_http_geo_ctx_t *) data;
|
422
|
242
|
694
|
243 in_addr_t inaddr;
|
|
244 ngx_addr_t addr;
|
582
|
245 ngx_uint_t n;
|
694
|
246 struct sockaddr_in *sin;
|
422
|
247 ngx_http_geo_range_t *range;
|
694
|
248 #if (NGX_HAVE_INET6)
|
|
249 u_char *p;
|
|
250 struct in6_addr *inaddr6;
|
|
251 #endif
|
422
|
252
|
582
|
253 *v = *ctx->u.high.default_value;
|
422
|
254
|
694
|
255 if (ngx_http_geo_addr(r, ctx, &addr) == NGX_OK) {
|
|
256
|
|
257 switch (addr.sockaddr->sa_family) {
|
|
258
|
|
259 #if (NGX_HAVE_INET6)
|
|
260 case AF_INET6:
|
|
261 inaddr6 = &((struct sockaddr_in6 *) addr.sockaddr)->sin6_addr;
|
|
262
|
|
263 if (IN6_IS_ADDR_V4MAPPED(inaddr6)) {
|
|
264 p = inaddr6->s6_addr;
|
422
|
265
|
694
|
266 inaddr = p[12] << 24;
|
|
267 inaddr += p[13] << 16;
|
|
268 inaddr += p[14] << 8;
|
|
269 inaddr += p[15];
|
|
270
|
|
271 } else {
|
|
272 inaddr = INADDR_NONE;
|
|
273 }
|
|
274
|
|
275 break;
|
|
276 #endif
|
422
|
277
|
694
|
278 default: /* AF_INET */
|
|
279 sin = (struct sockaddr_in *) addr.sockaddr;
|
|
280 inaddr = ntohl(sin->sin_addr.s_addr);
|
|
281 break;
|
|
282 }
|
|
283
|
|
284 } else {
|
|
285 inaddr = INADDR_NONE;
|
|
286 }
|
|
287
|
|
288 if (ctx->u.high.low) {
|
|
289 range = ctx->u.high.low[inaddr >> 16];
|
|
290
|
|
291 if (range) {
|
|
292 n = inaddr & 0xffff;
|
|
293 do {
|
|
294 if (n >= (ngx_uint_t) range->start
|
|
295 && n <= (ngx_uint_t) range->end)
|
|
296 {
|
|
297 *v = *range->value;
|
|
298 break;
|
|
299 }
|
|
300 } while ((++range)->value);
|
|
301 }
|
422
|
302 }
|
|
303
|
430
|
304 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
|
305 "http geo: %v", v);
|
422
|
306
|
|
307 return NGX_OK;
|
|
308 }
|
|
309
|
|
310
|
694
|
311 static ngx_int_t
|
|
312 ngx_http_geo_addr(ngx_http_request_t *r, ngx_http_geo_ctx_t *ctx,
|
|
313 ngx_addr_t *addr)
|
430
|
314 {
|
694
|
315 ngx_table_elt_t *xfwd;
|
510
|
316
|
694
|
317 if (ngx_http_geo_real_addr(r, ctx, addr) != NGX_OK) {
|
|
318 return NGX_ERROR;
|
674
|
319 }
|
510
|
320
|
|
321 xfwd = r->headers_in.x_forwarded_for;
|
|
322
|
674
|
323 if (xfwd != NULL && ctx->proxies != NULL) {
|
694
|
324 (void) ngx_http_get_forwarded_addr(r, addr, xfwd->value.data,
|
674
|
325 xfwd->value.len, ctx->proxies,
|
|
326 ctx->proxy_recursive);
|
510
|
327 }
|
|
328
|
694
|
329 return NGX_OK;
|
510
|
330 }
|
|
331
|
|
332
|
674
|
333 static ngx_int_t
|
|
334 ngx_http_geo_real_addr(ngx_http_request_t *r, ngx_http_geo_ctx_t *ctx,
|
|
335 ngx_addr_t *addr)
|
510
|
336 {
|
430
|
337 ngx_http_variable_value_t *v;
|
|
338
|
|
339 if (ctx->index == -1) {
|
|
340 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
|
341 "http geo started: %V", &r->connection->addr_text);
|
|
342
|
674
|
343 addr->sockaddr = r->connection->sockaddr;
|
|
344 addr->socklen = r->connection->socklen;
|
|
345 /* addr->name = r->connection->addr_text; */
|
626
|
346
|
674
|
347 return NGX_OK;
|
430
|
348 }
|
|
349
|
|
350 v = ngx_http_get_flushed_variable(r, ctx->index);
|
|
351
|
|
352 if (v == NULL || v->not_found) {
|
|
353 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
|
354 "http geo not found");
|
|
355
|
674
|
356 return NGX_ERROR;
|
430
|
357 }
|
|
358
|
|
359 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
|
360 "http geo started: %v", v);
|
|
361
|
674
|
362 if (ngx_parse_addr(r->pool, addr, v->data, v->len) == NGX_OK) {
|
|
363 return NGX_OK;
|
|
364 }
|
|
365
|
|
366 return NGX_ERROR;
|
430
|
367 }
|
|
368
|
|
369
|
38
|
370 static char *
|
|
371 ngx_http_geo_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
34
|
372 {
|
138
|
373 char *rv;
|
422
|
374 size_t len;
|
138
|
375 ngx_str_t *value, name;
|
422
|
376 ngx_uint_t i;
|
138
|
377 ngx_conf_t save;
|
|
378 ngx_pool_t *pool;
|
422
|
379 ngx_array_t *a;
|
328
|
380 ngx_http_variable_t *var;
|
430
|
381 ngx_http_geo_ctx_t *geo;
|
138
|
382 ngx_http_geo_conf_ctx_t ctx;
|
694
|
383 #if (NGX_HAVE_INET6)
|
|
384 static struct in6_addr zero;
|
|
385 #endif
|
34
|
386
|
50
|
387 value = cf->args->elts;
|
|
388
|
430
|
389 geo = ngx_palloc(cf->pool, sizeof(ngx_http_geo_ctx_t));
|
|
390 if (geo == NULL) {
|
|
391 return NGX_CONF_ERROR;
|
|
392 }
|
|
393
|
50
|
394 name = value[1];
|
694
|
395
|
|
396 if (name.data[0] != '$') {
|
|
397 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
398 "invalid variable name \"%V\"", &name);
|
|
399 return NGX_CONF_ERROR;
|
|
400 }
|
|
401
|
430
|
402 name.len--;
|
|
403 name.data++;
|
50
|
404
|
430
|
405 if (cf->args->nelts == 3) {
|
|
406
|
|
407 geo->index = ngx_http_get_variable_index(cf, &name);
|
|
408 if (geo->index == NGX_ERROR) {
|
|
409 return NGX_CONF_ERROR;
|
|
410 }
|
|
411
|
|
412 name = value[2];
|
694
|
413
|
|
414 if (name.data[0] != '$') {
|
|
415 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
416 "invalid variable name \"%V\"", &name);
|
|
417 return NGX_CONF_ERROR;
|
|
418 }
|
|
419
|
50
|
420 name.len--;
|
|
421 name.data++;
|
430
|
422
|
|
423 } else {
|
|
424 geo->index = -1;
|
50
|
425 }
|
|
426
|
340
|
427 var = ngx_http_add_variable(cf, &name, NGX_HTTP_VAR_CHANGEABLE);
|
50
|
428 if (var == NULL) {
|
34
|
429 return NGX_CONF_ERROR;
|
|
430 }
|
|
431
|
132
|
432 pool = ngx_create_pool(16384, cf->log);
|
50
|
433 if (pool == NULL) {
|
34
|
434 return NGX_CONF_ERROR;
|
|
435 }
|
|
436
|
582
|
437 ngx_memzero(&ctx, sizeof(ngx_http_geo_conf_ctx_t));
|
|
438
|
422
|
439 ctx.temp_pool = ngx_create_pool(16384, cf->log);
|
|
440 if (ctx.temp_pool == NULL) {
|
34
|
441 return NGX_CONF_ERROR;
|
|
442 }
|
|
443
|
582
|
444 ngx_rbtree_init(&ctx.rbtree, &ctx.sentinel, ngx_str_rbtree_insert_value);
|
422
|
445
|
138
|
446 ctx.pool = cf->pool;
|
582
|
447 ctx.data_size = sizeof(ngx_http_geo_header_t)
|
|
448 + sizeof(ngx_http_variable_value_t)
|
|
449 + 0x10000 * sizeof(ngx_http_geo_range_t *);
|
|
450 ctx.allow_binary_include = 1;
|
34
|
451
|
|
452 save = *cf;
|
|
453 cf->pool = pool;
|
138
|
454 cf->ctx = &ctx;
|
34
|
455 cf->handler = ngx_http_geo;
|
|
456 cf->handler_conf = conf;
|
|
457
|
|
458 rv = ngx_conf_parse(cf, NULL);
|
|
459
|
|
460 *cf = save;
|
|
461
|
510
|
462 geo->proxies = ctx.proxies;
|
674
|
463 geo->proxy_recursive = ctx.proxy_recursive;
|
510
|
464
|
694
|
465 if (ctx.ranges) {
|
582
|
466
|
694
|
467 if (ctx.high.low && !ctx.binary_include) {
|
582
|
468 for (i = 0; i < 0x10000; i++) {
|
|
469 a = (ngx_array_t *) ctx.high.low[i];
|
|
470
|
|
471 if (a == NULL || a->nelts == 0) {
|
|
472 continue;
|
|
473 }
|
422
|
474
|
582
|
475 len = a->nelts * sizeof(ngx_http_geo_range_t);
|
422
|
476
|
582
|
477 ctx.high.low[i] = ngx_palloc(cf->pool, len + sizeof(void *));
|
|
478 if (ctx.high.low[i] == NULL) {
|
|
479 return NGX_CONF_ERROR;
|
|
480 }
|
|
481
|
694
|
482 ngx_memcpy(ctx.high.low[i], a->elts, len);
|
|
483 ctx.high.low[i][a->nelts].value = NULL;
|
582
|
484 ctx.data_size += len + sizeof(void *);
|
422
|
485 }
|
|
486
|
582
|
487 if (ctx.allow_binary_include
|
|
488 && !ctx.outside_entries
|
|
489 && ctx.entries > 100000
|
|
490 && ctx.includes == 1)
|
|
491 {
|
|
492 ngx_http_geo_create_binary_base(&ctx);
|
422
|
493 }
|
|
494 }
|
|
495
|
684
|
496 if (ctx.high.default_value == NULL) {
|
|
497 ctx.high.default_value = &ngx_http_variable_null_value;
|
|
498 }
|
|
499
|
430
|
500 geo->u.high = ctx.high;
|
|
501
|
422
|
502 var->get_handler = ngx_http_geo_range_variable;
|
430
|
503 var->data = (uintptr_t) geo;
|
34
|
504
|
422
|
505 ngx_destroy_pool(ctx.temp_pool);
|
|
506 ngx_destroy_pool(pool);
|
|
507
|
|
508 } else {
|
424
|
509 if (ctx.tree == NULL) {
|
|
510 ctx.tree = ngx_radix_tree_create(cf->pool, -1);
|
|
511 if (ctx.tree == NULL) {
|
|
512 return NGX_CONF_ERROR;
|
|
513 }
|
|
514 }
|
|
515
|
694
|
516 geo->u.trees.tree = ctx.tree;
|
|
517
|
|
518 #if (NGX_HAVE_INET6)
|
|
519 if (ctx.tree6 == NULL) {
|
|
520 ctx.tree6 = ngx_radix_tree_create(cf->pool, -1);
|
|
521 if (ctx.tree6 == NULL) {
|
|
522 return NGX_CONF_ERROR;
|
|
523 }
|
|
524 }
|
|
525
|
|
526 geo->u.trees.tree6 = ctx.tree6;
|
|
527 #endif
|
430
|
528
|
422
|
529 var->get_handler = ngx_http_geo_cidr_variable;
|
430
|
530 var->data = (uintptr_t) geo;
|
422
|
531
|
|
532 ngx_destroy_pool(ctx.temp_pool);
|
|
533 ngx_destroy_pool(pool);
|
|
534
|
|
535 if (ngx_radix32tree_insert(ctx.tree, 0, 0,
|
|
536 (uintptr_t) &ngx_http_variable_null_value)
|
|
537 == NGX_ERROR)
|
|
538 {
|
|
539 return NGX_CONF_ERROR;
|
|
540 }
|
694
|
541
|
|
542 /* NGX_BUSY is okay (default was set explicitly) */
|
|
543
|
|
544 #if (NGX_HAVE_INET6)
|
|
545 if (ngx_radix128tree_insert(ctx.tree6, zero.s6_addr, zero.s6_addr,
|
|
546 (uintptr_t) &ngx_http_variable_null_value)
|
|
547 == NGX_ERROR)
|
|
548 {
|
|
549 return NGX_CONF_ERROR;
|
|
550 }
|
|
551 #endif
|
34
|
552 }
|
|
553
|
|
554 return rv;
|
|
555 }
|
|
556
|
|
557
|
38
|
558 static char *
|
|
559 ngx_http_geo(ngx_conf_t *cf, ngx_command_t *dummy, void *conf)
|
34
|
560 {
|
422
|
561 char *rv;
|
582
|
562 ngx_str_t *value;
|
510
|
563 ngx_cidr_t cidr;
|
422
|
564 ngx_http_geo_conf_ctx_t *ctx;
|
34
|
565
|
138
|
566 ctx = cf->ctx;
|
34
|
567
|
422
|
568 value = cf->args->elts;
|
|
569
|
|
570 if (cf->args->nelts == 1) {
|
|
571
|
|
572 if (ngx_strcmp(value[0].data, "ranges") == 0) {
|
|
573
|
694
|
574 if (ctx->tree
|
|
575 #if (NGX_HAVE_INET6)
|
|
576 || ctx->tree6
|
|
577 #endif
|
|
578 )
|
|
579 {
|
422
|
580 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
581 "the \"ranges\" directive must be "
|
|
582 "the first directive inside \"geo\" block");
|
|
583 goto failed;
|
|
584 }
|
|
585
|
582
|
586 ctx->ranges = 1;
|
422
|
587
|
|
588 rv = NGX_CONF_OK;
|
|
589
|
|
590 goto done;
|
|
591 }
|
674
|
592
|
|
593 else if (ngx_strcmp(value[0].data, "proxy_recursive") == 0) {
|
|
594 ctx->proxy_recursive = 1;
|
|
595 rv = NGX_CONF_OK;
|
|
596 goto done;
|
|
597 }
|
422
|
598 }
|
|
599
|
34
|
600 if (cf->args->nelts != 2) {
|
|
601 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
602 "invalid number of the geo parameters");
|
422
|
603 goto failed;
|
34
|
604 }
|
|
605
|
422
|
606 if (ngx_strcmp(value[0].data, "include") == 0) {
|
|
607
|
582
|
608 rv = ngx_http_geo_include(cf, ctx, &value[1]);
|
422
|
609
|
|
610 goto done;
|
510
|
611
|
|
612 } else if (ngx_strcmp(value[0].data, "proxy") == 0) {
|
|
613
|
|
614 if (ngx_http_geo_cidr_value(cf, &value[1], &cidr) != NGX_OK) {
|
|
615 goto failed;
|
|
616 }
|
|
617
|
|
618 rv = ngx_http_geo_add_proxy(cf, ctx, &cidr);
|
|
619
|
|
620 goto done;
|
422
|
621 }
|
|
622
|
582
|
623 if (ctx->ranges) {
|
422
|
624 rv = ngx_http_geo_range(cf, ctx, value);
|
|
625
|
|
626 } else {
|
|
627 rv = ngx_http_geo_cidr(cf, ctx, value);
|
|
628 }
|
|
629
|
|
630 done:
|
|
631
|
|
632 ngx_reset_pool(cf->pool);
|
|
633
|
|
634 return rv;
|
|
635
|
|
636 failed:
|
|
637
|
|
638 ngx_reset_pool(cf->pool);
|
|
639
|
|
640 return NGX_CONF_ERROR;
|
|
641 }
|
|
642
|
|
643
|
|
644 static char *
|
|
645 ngx_http_geo_range(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
646 ngx_str_t *value)
|
|
647 {
|
582
|
648 u_char *p, *last;
|
|
649 in_addr_t start, end;
|
|
650 ngx_str_t *net;
|
|
651 ngx_uint_t del;
|
422
|
652
|
|
653 if (ngx_strcmp(value[0].data, "default") == 0) {
|
|
654
|
582
|
655 if (ctx->high.default_value) {
|
|
656 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
657 "duplicate default geo range value: \"%V\", old value: \"%v\"",
|
|
658 &value[1], ctx->high.default_value);
|
422
|
659 }
|
|
660
|
582
|
661 ctx->high.default_value = ngx_http_geo_value(cf, ctx, &value[1]);
|
|
662 if (ctx->high.default_value == NULL) {
|
|
663 return NGX_CONF_ERROR;
|
422
|
664 }
|
|
665
|
|
666 return NGX_CONF_OK;
|
|
667 }
|
|
668
|
582
|
669 if (ctx->binary_include) {
|
|
670 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
672
|
671 "binary geo range base \"%s\" cannot be mixed with usual entries",
|
582
|
672 ctx->include_name.data);
|
|
673 return NGX_CONF_ERROR;
|
|
674 }
|
|
675
|
|
676 if (ctx->high.low == NULL) {
|
|
677 ctx->high.low = ngx_pcalloc(ctx->pool,
|
|
678 0x10000 * sizeof(ngx_http_geo_range_t *));
|
|
679 if (ctx->high.low == NULL) {
|
|
680 return NGX_CONF_ERROR;
|
|
681 }
|
|
682 }
|
|
683
|
|
684 ctx->entries++;
|
|
685 ctx->outside_entries = 1;
|
|
686
|
422
|
687 if (ngx_strcmp(value[0].data, "delete") == 0) {
|
|
688 net = &value[1];
|
|
689 del = 1;
|
|
690
|
|
691 } else {
|
|
692 net = &value[0];
|
|
693 del = 0;
|
|
694 }
|
|
695
|
|
696 last = net->data + net->len;
|
|
697
|
|
698 p = ngx_strlchr(net->data, last, '-');
|
|
699
|
|
700 if (p == NULL) {
|
|
701 goto invalid;
|
|
702 }
|
|
703
|
|
704 start = ngx_inet_addr(net->data, p - net->data);
|
|
705
|
|
706 if (start == INADDR_NONE) {
|
|
707 goto invalid;
|
|
708 }
|
|
709
|
|
710 start = ntohl(start);
|
|
711
|
|
712 p++;
|
|
713
|
|
714 end = ngx_inet_addr(p, last - p);
|
|
715
|
|
716 if (end == INADDR_NONE) {
|
|
717 goto invalid;
|
|
718 }
|
|
719
|
|
720 end = ntohl(end);
|
|
721
|
|
722 if (start > end) {
|
|
723 goto invalid;
|
|
724 }
|
|
725
|
|
726 if (del) {
|
|
727 if (ngx_http_geo_delete_range(cf, ctx, start, end)) {
|
|
728 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
729 "no address range \"%V\" to delete", net);
|
|
730 }
|
|
731
|
|
732 return NGX_CONF_OK;
|
|
733 }
|
|
734
|
|
735 ctx->value = ngx_http_geo_value(cf, ctx, &value[1]);
|
|
736
|
|
737 if (ctx->value == NULL) {
|
|
738 return NGX_CONF_ERROR;
|
|
739 }
|
|
740
|
|
741 ctx->net = net;
|
|
742
|
|
743 return ngx_http_geo_add_range(cf, ctx, start, end);
|
|
744
|
|
745 invalid:
|
|
746
|
|
747 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid range \"%V\"", net);
|
|
748
|
|
749 return NGX_CONF_ERROR;
|
|
750 }
|
|
751
|
|
752
|
|
753 /* the add procedure is optimized to add a growing up sequence */
|
|
754
|
|
755 static char *
|
|
756 ngx_http_geo_add_range(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
757 in_addr_t start, in_addr_t end)
|
|
758 {
|
|
759 in_addr_t n;
|
|
760 ngx_uint_t h, i, s, e;
|
|
761 ngx_array_t *a;
|
|
762 ngx_http_geo_range_t *range;
|
|
763
|
564
|
764 for (n = start; n <= end; n = (n + 0x10000) & 0xffff0000) {
|
422
|
765
|
|
766 h = n >> 16;
|
438
|
767
|
|
768 if (n == start) {
|
|
769 s = n & 0xffff;
|
|
770 } else {
|
|
771 s = 0;
|
|
772 }
|
422
|
773
|
|
774 if ((n | 0xffff) > end) {
|
|
775 e = end & 0xffff;
|
|
776
|
|
777 } else {
|
|
778 e = 0xffff;
|
|
779 }
|
|
780
|
582
|
781 a = (ngx_array_t *) ctx->high.low[h];
|
422
|
782
|
|
783 if (a == NULL) {
|
|
784 a = ngx_array_create(ctx->temp_pool, 64,
|
|
785 sizeof(ngx_http_geo_range_t));
|
|
786 if (a == NULL) {
|
|
787 return NGX_CONF_ERROR;
|
|
788 }
|
|
789
|
582
|
790 ctx->high.low[h] = (ngx_http_geo_range_t *) a;
|
422
|
791 }
|
|
792
|
|
793 i = a->nelts;
|
|
794 range = a->elts;
|
|
795
|
|
796 while (i) {
|
|
797
|
|
798 i--;
|
|
799
|
|
800 if (e < (ngx_uint_t) range[i].start) {
|
|
801 continue;
|
|
802 }
|
|
803
|
|
804 if (s > (ngx_uint_t) range[i].end) {
|
|
805
|
|
806 /* add after the range */
|
|
807
|
|
808 range = ngx_array_push(a);
|
|
809 if (range == NULL) {
|
|
810 return NGX_CONF_ERROR;
|
|
811 }
|
|
812
|
|
813 range = a->elts;
|
|
814
|
620
|
815 ngx_memmove(&range[i + 2], &range[i + 1],
|
422
|
816 (a->nelts - 2 - i) * sizeof(ngx_http_geo_range_t));
|
|
817
|
438
|
818 range[i + 1].start = (u_short) s;
|
|
819 range[i + 1].end = (u_short) e;
|
|
820 range[i + 1].value = ctx->value;
|
422
|
821
|
|
822 goto next;
|
|
823 }
|
|
824
|
|
825 if (s == (ngx_uint_t) range[i].start
|
|
826 && e == (ngx_uint_t) range[i].end)
|
|
827 {
|
|
828 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
829 "duplicate range \"%V\", value: \"%v\", old value: \"%v\"",
|
|
830 ctx->net, ctx->value, range[i].value);
|
438
|
831
|
|
832 range[i].value = ctx->value;
|
|
833
|
|
834 goto next;
|
|
835 }
|
|
836
|
|
837 if (s > (ngx_uint_t) range[i].start
|
|
838 && e < (ngx_uint_t) range[i].end)
|
|
839 {
|
|
840 /* split the range and insert the new one */
|
|
841
|
|
842 range = ngx_array_push(a);
|
|
843 if (range == NULL) {
|
|
844 return NGX_CONF_ERROR;
|
|
845 }
|
|
846
|
|
847 range = ngx_array_push(a);
|
|
848 if (range == NULL) {
|
|
849 return NGX_CONF_ERROR;
|
|
850 }
|
|
851
|
|
852 range = a->elts;
|
|
853
|
620
|
854 ngx_memmove(&range[i + 3], &range[i + 1],
|
438
|
855 (a->nelts - 3 - i) * sizeof(ngx_http_geo_range_t));
|
|
856
|
|
857 range[i + 2].start = (u_short) (e + 1);
|
|
858 range[i + 2].end = range[i].end;
|
|
859 range[i + 2].value = range[i].value;
|
|
860
|
|
861 range[i + 1].start = (u_short) s;
|
|
862 range[i + 1].end = (u_short) e;
|
|
863 range[i + 1].value = ctx->value;
|
|
864
|
|
865 range[i].end = (u_short) (s - 1);
|
|
866
|
|
867 goto next;
|
422
|
868 }
|
|
869
|
438
|
870 if (s == (ngx_uint_t) range[i].start
|
|
871 && e < (ngx_uint_t) range[i].end)
|
|
872 {
|
|
873 /* shift the range start and insert the new range */
|
|
874
|
|
875 range = ngx_array_push(a);
|
|
876 if (range == NULL) {
|
|
877 return NGX_CONF_ERROR;
|
|
878 }
|
|
879
|
|
880 range = a->elts;
|
|
881
|
620
|
882 ngx_memmove(&range[i + 1], &range[i],
|
440
|
883 (a->nelts - 1 - i) * sizeof(ngx_http_geo_range_t));
|
438
|
884
|
|
885 range[i + 1].start = (u_short) (e + 1);
|
|
886
|
|
887 range[i].start = (u_short) s;
|
|
888 range[i].end = (u_short) e;
|
|
889 range[i].value = ctx->value;
|
|
890
|
|
891 goto next;
|
|
892 }
|
|
893
|
|
894 if (s > (ngx_uint_t) range[i].start
|
|
895 && e == (ngx_uint_t) range[i].end)
|
|
896 {
|
|
897 /* shift the range end and insert the new range */
|
|
898
|
|
899 range = ngx_array_push(a);
|
|
900 if (range == NULL) {
|
|
901 return NGX_CONF_ERROR;
|
|
902 }
|
|
903
|
|
904 range = a->elts;
|
|
905
|
620
|
906 ngx_memmove(&range[i + 2], &range[i + 1],
|
438
|
907 (a->nelts - 2 - i) * sizeof(ngx_http_geo_range_t));
|
|
908
|
|
909 range[i + 1].start = (u_short) s;
|
|
910 range[i + 1].end = (u_short) e;
|
|
911 range[i + 1].value = ctx->value;
|
|
912
|
|
913 range[i].end = (u_short) (s - 1);
|
|
914
|
|
915 goto next;
|
|
916 }
|
|
917
|
|
918 s = (ngx_uint_t) range[i].start;
|
|
919 e = (ngx_uint_t) range[i].end;
|
|
920
|
422
|
921 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
438
|
922 "range \"%V\" overlaps \"%d.%d.%d.%d-%d.%d.%d.%d\"",
|
|
923 ctx->net,
|
|
924 h >> 8, h & 0xff, s >> 8, s & 0xff,
|
|
925 h >> 8, h & 0xff, e >> 8, e & 0xff);
|
422
|
926
|
|
927 return NGX_CONF_ERROR;
|
|
928 }
|
|
929
|
|
930 /* add the first range */
|
|
931
|
|
932 range = ngx_array_push(a);
|
|
933 if (range == NULL) {
|
|
934 return NGX_CONF_ERROR;
|
|
935 }
|
|
936
|
|
937 range->start = (u_short) s;
|
|
938 range->end = (u_short) e;
|
|
939 range->value = ctx->value;
|
438
|
940
|
|
941 next:
|
|
942
|
|
943 continue;
|
422
|
944 }
|
|
945
|
|
946 return NGX_CONF_OK;
|
|
947 }
|
|
948
|
|
949
|
|
950 static ngx_uint_t
|
|
951 ngx_http_geo_delete_range(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
952 in_addr_t start, in_addr_t end)
|
|
953 {
|
|
954 in_addr_t n;
|
|
955 ngx_uint_t h, i, s, e, warn;
|
|
956 ngx_array_t *a;
|
|
957 ngx_http_geo_range_t *range;
|
|
958
|
|
959 warn = 0;
|
|
960
|
438
|
961 for (n = start; n <= end; n += 0x10000) {
|
422
|
962
|
|
963 h = n >> 16;
|
438
|
964
|
|
965 if (n == start) {
|
|
966 s = n & 0xffff;
|
|
967 } else {
|
|
968 s = 0;
|
|
969 }
|
422
|
970
|
|
971 if ((n | 0xffff) > end) {
|
|
972 e = end & 0xffff;
|
|
973
|
|
974 } else {
|
|
975 e = 0xffff;
|
|
976 }
|
|
977
|
582
|
978 a = (ngx_array_t *) ctx->high.low[h];
|
422
|
979
|
|
980 if (a == NULL) {
|
|
981 warn = 1;
|
|
982 continue;
|
|
983 }
|
|
984
|
|
985 range = a->elts;
|
|
986 for (i = 0; i < a->nelts; i++) {
|
|
987
|
|
988 if (s == (ngx_uint_t) range[i].start
|
|
989 && e == (ngx_uint_t) range[i].end)
|
|
990 {
|
620
|
991 ngx_memmove(&range[i], &range[i + 1],
|
422
|
992 (a->nelts - 1 - i) * sizeof(ngx_http_geo_range_t));
|
438
|
993
|
|
994 a->nelts--;
|
|
995
|
422
|
996 break;
|
|
997 }
|
|
998
|
|
999 if (s != (ngx_uint_t) range[i].start
|
|
1000 && e != (ngx_uint_t) range[i].end)
|
|
1001 {
|
|
1002 continue;
|
|
1003 }
|
|
1004
|
|
1005 warn = 1;
|
|
1006 }
|
|
1007 }
|
|
1008
|
|
1009 return warn;
|
|
1010 }
|
|
1011
|
|
1012
|
|
1013 static char *
|
|
1014 ngx_http_geo_cidr(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
1015 ngx_str_t *value)
|
|
1016 {
|
|
1017 ngx_int_t rc, del;
|
|
1018 ngx_str_t *net;
|
|
1019 ngx_uint_t i;
|
454
|
1020 ngx_cidr_t cidr;
|
422
|
1021 ngx_http_variable_value_t *val, *old;
|
|
1022
|
|
1023 if (ctx->tree == NULL) {
|
|
1024 ctx->tree = ngx_radix_tree_create(ctx->pool, -1);
|
|
1025 if (ctx->tree == NULL) {
|
|
1026 return NGX_CONF_ERROR;
|
|
1027 }
|
34
|
1028 }
|
|
1029
|
694
|
1030 #if (NGX_HAVE_INET6)
|
|
1031 if (ctx->tree6 == NULL) {
|
|
1032 ctx->tree6 = ngx_radix_tree_create(ctx->pool, -1);
|
|
1033 if (ctx->tree6 == NULL) {
|
|
1034 return NGX_CONF_ERROR;
|
|
1035 }
|
|
1036 }
|
|
1037 #endif
|
|
1038
|
34
|
1039 if (ngx_strcmp(value[0].data, "default") == 0) {
|
694
|
1040 cidr.family = AF_INET;
|
454
|
1041 cidr.u.in.addr = 0;
|
|
1042 cidr.u.in.mask = 0;
|
422
|
1043 net = &value[0];
|
34
|
1044
|
|
1045 } else {
|
422
|
1046 if (ngx_strcmp(value[0].data, "delete") == 0) {
|
|
1047 net = &value[1];
|
|
1048 del = 1;
|
|
1049
|
|
1050 } else {
|
|
1051 net = &value[0];
|
|
1052 del = 0;
|
|
1053 }
|
|
1054
|
510
|
1055 if (ngx_http_geo_cidr_value(cf, net, &cidr) != NGX_OK) {
|
|
1056 return NGX_CONF_ERROR;
|
326
|
1057 }
|
|
1058
|
694
|
1059 if (cidr.family == AF_INET) {
|
|
1060 cidr.u.in.addr = ntohl(cidr.u.in.addr);
|
|
1061 cidr.u.in.mask = ntohl(cidr.u.in.mask);
|
674
|
1062 }
|
|
1063
|
694
|
1064 if (del) {
|
|
1065 switch (cidr.family) {
|
674
|
1066
|
694
|
1067 #if (NGX_HAVE_INET6)
|
|
1068 case AF_INET6:
|
|
1069 rc = ngx_radix128tree_delete(ctx->tree6,
|
|
1070 cidr.u.in6.addr.s6_addr,
|
|
1071 cidr.u.in6.mask.s6_addr);
|
|
1072 break;
|
|
1073 #endif
|
|
1074
|
|
1075 default: /* AF_INET */
|
|
1076 rc = ngx_radix32tree_delete(ctx->tree, cidr.u.in.addr,
|
|
1077 cidr.u.in.mask);
|
|
1078 break;
|
|
1079 }
|
|
1080
|
|
1081 if (rc != NGX_OK) {
|
422
|
1082 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1083 "no network \"%V\" to delete", net);
|
|
1084 }
|
426
|
1085
|
|
1086 return NGX_CONF_OK;
|
34
|
1087 }
|
|
1088 }
|
|
1089
|
422
|
1090 val = ngx_http_geo_value(cf, ctx, &value[1]);
|
34
|
1091
|
422
|
1092 if (val == NULL) {
|
|
1093 return NGX_CONF_ERROR;
|
34
|
1094 }
|
|
1095
|
694
|
1096 switch (cidr.family) {
|
|
1097
|
|
1098 #if (NGX_HAVE_INET6)
|
|
1099 case AF_INET6:
|
|
1100 for (i = 2; i; i--) {
|
|
1101 rc = ngx_radix128tree_insert(ctx->tree6, cidr.u.in6.addr.s6_addr,
|
|
1102 cidr.u.in6.mask.s6_addr,
|
|
1103 (uintptr_t) val);
|
|
1104
|
|
1105 if (rc == NGX_OK) {
|
|
1106 return NGX_CONF_OK;
|
|
1107 }
|
|
1108
|
|
1109 if (rc == NGX_ERROR) {
|
|
1110 return NGX_CONF_ERROR;
|
|
1111 }
|
102
|
1112
|
694
|
1113 /* rc == NGX_BUSY */
|
|
1114
|
|
1115 old = (ngx_http_variable_value_t *)
|
|
1116 ngx_radix128tree_find(ctx->tree6,
|
|
1117 cidr.u.in6.addr.s6_addr);
|
|
1118
|
|
1119 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1120 "duplicate network \"%V\", value: \"%v\", old value: \"%v\"",
|
|
1121 net, val, old);
|
|
1122
|
|
1123 rc = ngx_radix128tree_delete(ctx->tree6,
|
|
1124 cidr.u.in6.addr.s6_addr,
|
|
1125 cidr.u.in6.mask.s6_addr);
|
|
1126
|
|
1127 if (rc == NGX_ERROR) {
|
|
1128 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid radix tree");
|
|
1129 return NGX_CONF_ERROR;
|
|
1130 }
|
102
|
1131 }
|
|
1132
|
694
|
1133 break;
|
|
1134 #endif
|
|
1135
|
|
1136 default: /* AF_INET */
|
|
1137 for (i = 2; i; i--) {
|
|
1138 rc = ngx_radix32tree_insert(ctx->tree, cidr.u.in.addr,
|
|
1139 cidr.u.in.mask, (uintptr_t) val);
|
102
|
1140
|
694
|
1141 if (rc == NGX_OK) {
|
|
1142 return NGX_CONF_OK;
|
|
1143 }
|
|
1144
|
|
1145 if (rc == NGX_ERROR) {
|
|
1146 return NGX_CONF_ERROR;
|
|
1147 }
|
|
1148
|
|
1149 /* rc == NGX_BUSY */
|
102
|
1150
|
694
|
1151 old = (ngx_http_variable_value_t *)
|
|
1152 ngx_radix32tree_find(ctx->tree, cidr.u.in.addr);
|
|
1153
|
|
1154 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1155 "duplicate network \"%V\", value: \"%v\", old value: \"%v\"",
|
|
1156 net, val, old);
|
102
|
1157
|
694
|
1158 rc = ngx_radix32tree_delete(ctx->tree,
|
|
1159 cidr.u.in.addr, cidr.u.in.mask);
|
102
|
1160
|
694
|
1161 if (rc == NGX_ERROR) {
|
|
1162 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid radix tree");
|
|
1163 return NGX_CONF_ERROR;
|
|
1164 }
|
102
|
1165 }
|
694
|
1166
|
|
1167 break;
|
34
|
1168 }
|
|
1169
|
102
|
1170 return NGX_CONF_ERROR;
|
34
|
1171 }
|
422
|
1172
|
|
1173
|
|
1174 static ngx_http_variable_value_t *
|
|
1175 ngx_http_geo_value(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
1176 ngx_str_t *value)
|
|
1177 {
|
582
|
1178 uint32_t hash;
|
|
1179 ngx_http_variable_value_t *val;
|
|
1180 ngx_http_geo_variable_value_node_t *gvvn;
|
422
|
1181
|
|
1182 hash = ngx_crc32_long(value->data, value->len);
|
|
1183
|
582
|
1184 gvvn = (ngx_http_geo_variable_value_node_t *)
|
|
1185 ngx_str_rbtree_lookup(&ctx->rbtree, value, hash);
|
422
|
1186
|
582
|
1187 if (gvvn) {
|
|
1188 return gvvn->value;
|
422
|
1189 }
|
|
1190
|
|
1191 val = ngx_palloc(ctx->pool, sizeof(ngx_http_variable_value_t));
|
|
1192 if (val == NULL) {
|
|
1193 return NULL;
|
|
1194 }
|
|
1195
|
|
1196 val->len = value->len;
|
|
1197 val->data = ngx_pstrdup(ctx->pool, value);
|
|
1198 if (val->data == NULL) {
|
|
1199 return NULL;
|
|
1200 }
|
|
1201
|
|
1202 val->valid = 1;
|
|
1203 val->no_cacheable = 0;
|
|
1204 val->not_found = 0;
|
|
1205
|
582
|
1206 gvvn = ngx_palloc(ctx->temp_pool,
|
|
1207 sizeof(ngx_http_geo_variable_value_node_t));
|
|
1208 if (gvvn == NULL) {
|
422
|
1209 return NULL;
|
|
1210 }
|
|
1211
|
582
|
1212 gvvn->sn.node.key = hash;
|
|
1213 gvvn->sn.str.len = val->len;
|
|
1214 gvvn->sn.str.data = val->data;
|
|
1215 gvvn->value = val;
|
|
1216 gvvn->offset = 0;
|
422
|
1217
|
582
|
1218 ngx_rbtree_insert(&ctx->rbtree, &gvvn->sn.node);
|
|
1219
|
|
1220 ctx->data_size += ngx_align(sizeof(ngx_http_variable_value_t) + value->len,
|
|
1221 sizeof(void *));
|
422
|
1222
|
|
1223 return val;
|
|
1224 }
|
510
|
1225
|
|
1226
|
|
1227 static char *
|
|
1228 ngx_http_geo_add_proxy(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
1229 ngx_cidr_t *cidr)
|
|
1230 {
|
674
|
1231 ngx_cidr_t *c;
|
510
|
1232
|
|
1233 if (ctx->proxies == NULL) {
|
674
|
1234 ctx->proxies = ngx_array_create(ctx->pool, 4, sizeof(ngx_cidr_t));
|
510
|
1235 if (ctx->proxies == NULL) {
|
|
1236 return NGX_CONF_ERROR;
|
|
1237 }
|
|
1238 }
|
|
1239
|
|
1240 c = ngx_array_push(ctx->proxies);
|
|
1241 if (c == NULL) {
|
|
1242 return NGX_CONF_ERROR;
|
|
1243 }
|
|
1244
|
674
|
1245 *c = *cidr;
|
510
|
1246
|
|
1247 return NGX_CONF_OK;
|
|
1248 }
|
|
1249
|
|
1250
|
|
1251 static ngx_int_t
|
|
1252 ngx_http_geo_cidr_value(ngx_conf_t *cf, ngx_str_t *net, ngx_cidr_t *cidr)
|
|
1253 {
|
|
1254 ngx_int_t rc;
|
|
1255
|
|
1256 if (ngx_strcmp(net->data, "255.255.255.255") == 0) {
|
674
|
1257 cidr->family = AF_INET;
|
510
|
1258 cidr->u.in.addr = 0xffffffff;
|
|
1259 cidr->u.in.mask = 0xffffffff;
|
|
1260
|
|
1261 return NGX_OK;
|
|
1262 }
|
|
1263
|
|
1264 rc = ngx_ptocidr(net, cidr);
|
|
1265
|
|
1266 if (rc == NGX_ERROR) {
|
|
1267 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid network \"%V\"", net);
|
|
1268 return NGX_ERROR;
|
|
1269 }
|
|
1270
|
|
1271 if (rc == NGX_DONE) {
|
|
1272 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1273 "low address bits of %V are meaningless", net);
|
|
1274 }
|
|
1275
|
|
1276 return NGX_OK;
|
|
1277 }
|
582
|
1278
|
|
1279
|
|
1280 static char *
|
|
1281 ngx_http_geo_include(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
1282 ngx_str_t *name)
|
|
1283 {
|
|
1284 char *rv;
|
|
1285 ngx_str_t file;
|
|
1286
|
|
1287 file.len = name->len + 4;
|
|
1288 file.data = ngx_pnalloc(ctx->temp_pool, name->len + 5);
|
|
1289 if (file.data == NULL) {
|
|
1290 return NGX_CONF_ERROR;
|
|
1291 }
|
|
1292
|
|
1293 ngx_sprintf(file.data, "%V.bin%Z", name);
|
|
1294
|
|
1295 if (ngx_conf_full_name(cf->cycle, &file, 1) != NGX_OK) {
|
|
1296 return NGX_CONF_ERROR;
|
|
1297 }
|
|
1298
|
|
1299 if (ctx->ranges) {
|
|
1300 ngx_log_debug1(NGX_LOG_DEBUG_CORE, cf->log, 0, "include %s", file.data);
|
|
1301
|
|
1302 switch (ngx_http_geo_include_binary_base(cf, ctx, &file)) {
|
|
1303 case NGX_OK:
|
|
1304 return NGX_CONF_OK;
|
|
1305 case NGX_ERROR:
|
|
1306 return NGX_CONF_ERROR;
|
|
1307 default:
|
|
1308 break;
|
|
1309 }
|
|
1310 }
|
|
1311
|
|
1312 file.len -= 4;
|
|
1313 file.data[file.len] = '\0';
|
|
1314
|
|
1315 ctx->include_name = file;
|
|
1316
|
|
1317 if (ctx->outside_entries) {
|
|
1318 ctx->allow_binary_include = 0;
|
|
1319 }
|
|
1320
|
|
1321 ngx_log_debug1(NGX_LOG_DEBUG_CORE, cf->log, 0, "include %s", file.data);
|
|
1322
|
|
1323 rv = ngx_conf_parse(cf, &file);
|
|
1324
|
|
1325 ctx->includes++;
|
|
1326 ctx->outside_entries = 0;
|
|
1327
|
|
1328 return rv;
|
|
1329 }
|
|
1330
|
|
1331
|
|
1332 static ngx_int_t
|
|
1333 ngx_http_geo_include_binary_base(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
|
|
1334 ngx_str_t *name)
|
|
1335 {
|
|
1336 u_char *base, ch;
|
|
1337 time_t mtime;
|
|
1338 size_t size, len;
|
|
1339 ssize_t n;
|
|
1340 uint32_t crc32;
|
|
1341 ngx_err_t err;
|
|
1342 ngx_int_t rc;
|
|
1343 ngx_uint_t i;
|
|
1344 ngx_file_t file;
|
|
1345 ngx_file_info_t fi;
|
|
1346 ngx_http_geo_range_t *range, **ranges;
|
|
1347 ngx_http_geo_header_t *header;
|
|
1348 ngx_http_variable_value_t *vv;
|
|
1349
|
|
1350 ngx_memzero(&file, sizeof(ngx_file_t));
|
|
1351 file.name = *name;
|
|
1352 file.log = cf->log;
|
|
1353
|
|
1354 file.fd = ngx_open_file(name->data, NGX_FILE_RDONLY, 0, 0);
|
|
1355 if (file.fd == NGX_INVALID_FILE) {
|
|
1356 err = ngx_errno;
|
|
1357 if (err != NGX_ENOENT) {
|
|
1358 ngx_conf_log_error(NGX_LOG_CRIT, cf, err,
|
|
1359 ngx_open_file_n " \"%s\" failed", name->data);
|
|
1360 }
|
|
1361 return NGX_DECLINED;
|
|
1362 }
|
|
1363
|
|
1364 if (ctx->outside_entries) {
|
|
1365 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
672
|
1366 "binary geo range base \"%s\" cannot be mixed with usual entries",
|
582
|
1367 name->data);
|
|
1368 rc = NGX_ERROR;
|
|
1369 goto done;
|
|
1370 }
|
|
1371
|
|
1372 if (ctx->binary_include) {
|
|
1373 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
672
|
1374 "second binary geo range base \"%s\" cannot be mixed with \"%s\"",
|
582
|
1375 name->data, ctx->include_name.data);
|
|
1376 rc = NGX_ERROR;
|
|
1377 goto done;
|
|
1378 }
|
|
1379
|
|
1380 if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) {
|
|
1381 ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
|
|
1382 ngx_fd_info_n " \"%s\" failed", name->data);
|
|
1383 goto failed;
|
|
1384 }
|
|
1385
|
|
1386 size = (size_t) ngx_file_size(&fi);
|
|
1387 mtime = ngx_file_mtime(&fi);
|
|
1388
|
|
1389 ch = name->data[name->len - 4];
|
|
1390 name->data[name->len - 4] = '\0';
|
|
1391
|
|
1392 if (ngx_file_info(name->data, &fi) == NGX_FILE_ERROR) {
|
|
1393 ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
|
|
1394 ngx_file_info_n " \"%s\" failed", name->data);
|
|
1395 goto failed;
|
|
1396 }
|
|
1397
|
|
1398 name->data[name->len - 4] = ch;
|
|
1399
|
|
1400 if (mtime < ngx_file_mtime(&fi)) {
|
|
1401 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1402 "stale binary geo range base \"%s\"", name->data);
|
|
1403 goto failed;
|
|
1404 }
|
|
1405
|
|
1406 base = ngx_palloc(ctx->pool, size);
|
|
1407 if (base == NULL) {
|
|
1408 goto failed;
|
|
1409 }
|
|
1410
|
|
1411 n = ngx_read_file(&file, base, size, 0);
|
|
1412
|
|
1413 if (n == NGX_ERROR) {
|
|
1414 ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
|
|
1415 ngx_read_file_n " \"%s\" failed", name->data);
|
|
1416 goto failed;
|
|
1417 }
|
|
1418
|
|
1419 if ((size_t) n != size) {
|
|
1420 ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
|
|
1421 ngx_read_file_n " \"%s\" returned only %z bytes instead of %z",
|
|
1422 name->data, n, size);
|
|
1423 goto failed;
|
|
1424 }
|
|
1425
|
|
1426 header = (ngx_http_geo_header_t *) base;
|
|
1427
|
|
1428 if (size < 16 || ngx_memcmp(&ngx_http_geo_header, header, 12) != 0) {
|
|
1429 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1430 "incompatible binary geo range base \"%s\"", name->data);
|
|
1431 goto failed;
|
|
1432 }
|
|
1433
|
|
1434 ngx_crc32_init(crc32);
|
|
1435
|
|
1436 vv = (ngx_http_variable_value_t *) (base + sizeof(ngx_http_geo_header_t));
|
|
1437
|
|
1438 while(vv->data) {
|
|
1439 len = ngx_align(sizeof(ngx_http_variable_value_t) + vv->len,
|
|
1440 sizeof(void *));
|
|
1441 ngx_crc32_update(&crc32, (u_char *) vv, len);
|
|
1442 vv->data += (size_t) base;
|
|
1443 vv = (ngx_http_variable_value_t *) ((u_char *) vv + len);
|
|
1444 }
|
|
1445 ngx_crc32_update(&crc32, (u_char *) vv, sizeof(ngx_http_variable_value_t));
|
|
1446 vv++;
|
|
1447
|
|
1448 ranges = (ngx_http_geo_range_t **) vv;
|
|
1449
|
|
1450 for (i = 0; i < 0x10000; i++) {
|
|
1451 ngx_crc32_update(&crc32, (u_char *) &ranges[i], sizeof(void *));
|
|
1452 if (ranges[i]) {
|
|
1453 ranges[i] = (ngx_http_geo_range_t *)
|
|
1454 ((u_char *) ranges[i] + (size_t) base);
|
|
1455 }
|
|
1456 }
|
|
1457
|
|
1458 range = (ngx_http_geo_range_t *) &ranges[0x10000];
|
|
1459
|
|
1460 while ((u_char *) range < base + size) {
|
|
1461 while (range->value) {
|
|
1462 ngx_crc32_update(&crc32, (u_char *) range,
|
|
1463 sizeof(ngx_http_geo_range_t));
|
|
1464 range->value = (ngx_http_variable_value_t *)
|
|
1465 ((u_char *) range->value + (size_t) base);
|
|
1466 range++;
|
|
1467 }
|
|
1468 ngx_crc32_update(&crc32, (u_char *) range, sizeof(void *));
|
|
1469 range = (ngx_http_geo_range_t *) ((u_char *) range + sizeof(void *));
|
|
1470 }
|
|
1471
|
|
1472 ngx_crc32_final(crc32);
|
|
1473
|
|
1474 if (crc32 != header->crc32) {
|
|
1475 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
|
1476 "CRC32 mismatch in binary geo range base \"%s\"", name->data);
|
|
1477 goto failed;
|
|
1478 }
|
|
1479
|
|
1480 ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0,
|
|
1481 "using binary geo range base \"%s\"", name->data);
|
|
1482
|
|
1483 ctx->include_name = *name;
|
|
1484 ctx->binary_include = 1;
|
|
1485 ctx->high.low = ranges;
|
|
1486 rc = NGX_OK;
|
|
1487
|
|
1488 goto done;
|
|
1489
|
|
1490 failed:
|
|
1491
|
|
1492 rc = NGX_DECLINED;
|
|
1493
|
|
1494 done:
|
|
1495
|
|
1496 if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
|
|
1497 ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
|
|
1498 ngx_close_file_n " \"%s\" failed", name->data);
|
|
1499 }
|
|
1500
|
|
1501 return rc;
|
|
1502 }
|
|
1503
|
|
1504
|
|
1505 static void
|
|
1506 ngx_http_geo_create_binary_base(ngx_http_geo_conf_ctx_t *ctx)
|
|
1507 {
|
|
1508 u_char *p;
|
|
1509 uint32_t hash;
|
|
1510 ngx_str_t s;
|
|
1511 ngx_uint_t i;
|
|
1512 ngx_file_mapping_t fm;
|
|
1513 ngx_http_geo_range_t *r, *range, **ranges;
|
|
1514 ngx_http_geo_header_t *header;
|
|
1515 ngx_http_geo_variable_value_node_t *gvvn;
|
|
1516
|
|
1517 fm.name = ngx_pnalloc(ctx->temp_pool, ctx->include_name.len + 5);
|
|
1518 if (fm.name == NULL) {
|
|
1519 return;
|
|
1520 }
|
|
1521
|
|
1522 ngx_sprintf(fm.name, "%V.bin%Z", &ctx->include_name);
|
|
1523
|
|
1524 fm.size = ctx->data_size;
|
|
1525 fm.log = ctx->pool->log;
|
|
1526
|
|
1527 ngx_log_error(NGX_LOG_NOTICE, fm.log, 0,
|
|
1528 "creating binary geo range base \"%s\"", fm.name);
|
|
1529
|
|
1530 if (ngx_create_file_mapping(&fm) != NGX_OK) {
|
|
1531 return;
|
|
1532 }
|
|
1533
|
|
1534 p = ngx_cpymem(fm.addr, &ngx_http_geo_header,
|
|
1535 sizeof(ngx_http_geo_header_t));
|
|
1536
|
|
1537 p = ngx_http_geo_copy_values(fm.addr, p, ctx->rbtree.root,
|
|
1538 ctx->rbtree.sentinel);
|
|
1539
|
|
1540 p += sizeof(ngx_http_variable_value_t);
|
|
1541
|
|
1542 ranges = (ngx_http_geo_range_t **) p;
|
|
1543
|
|
1544 p += 0x10000 * sizeof(ngx_http_geo_range_t *);
|
|
1545
|
|
1546 for (i = 0; i < 0x10000; i++) {
|
|
1547 r = ctx->high.low[i];
|
|
1548 if (r == NULL) {
|
|
1549 continue;
|
|
1550 }
|
|
1551
|
|
1552 range = (ngx_http_geo_range_t *) p;
|
|
1553 ranges[i] = (ngx_http_geo_range_t *) (p - (u_char *) fm.addr);
|
|
1554
|
|
1555 do {
|
|
1556 s.len = r->value->len;
|
|
1557 s.data = r->value->data;
|
|
1558 hash = ngx_crc32_long(s.data, s.len);
|
|
1559 gvvn = (ngx_http_geo_variable_value_node_t *)
|
|
1560 ngx_str_rbtree_lookup(&ctx->rbtree, &s, hash);
|
|
1561
|
|
1562 range->value = (ngx_http_variable_value_t *) gvvn->offset;
|
|
1563 range->start = r->start;
|
|
1564 range->end = r->end;
|
|
1565 range++;
|
|
1566
|
|
1567 } while ((++r)->value);
|
|
1568
|
|
1569 range->value = NULL;
|
|
1570
|
|
1571 p = (u_char *) range + sizeof(void *);
|
|
1572 }
|
|
1573
|
|
1574 header = fm.addr;
|
|
1575 header->crc32 = ngx_crc32_long((u_char *) fm.addr
|
|
1576 + sizeof(ngx_http_geo_header_t),
|
|
1577 fm.size - sizeof(ngx_http_geo_header_t));
|
|
1578
|
|
1579 ngx_close_file_mapping(&fm);
|
|
1580 }
|
|
1581
|
|
1582
|
|
1583 static u_char *
|
|
1584 ngx_http_geo_copy_values(u_char *base, u_char *p, ngx_rbtree_node_t *node,
|
|
1585 ngx_rbtree_node_t *sentinel)
|
|
1586 {
|
|
1587 ngx_http_variable_value_t *vv;
|
|
1588 ngx_http_geo_variable_value_node_t *gvvn;
|
|
1589
|
|
1590 if (node == sentinel) {
|
|
1591 return p;
|
|
1592 }
|
|
1593
|
|
1594 gvvn = (ngx_http_geo_variable_value_node_t *) node;
|
|
1595 gvvn->offset = p - base;
|
|
1596
|
|
1597 vv = (ngx_http_variable_value_t *) p;
|
|
1598 *vv = *gvvn->value;
|
|
1599 p += sizeof(ngx_http_variable_value_t);
|
|
1600 vv->data = (u_char *) (p - base);
|
|
1601
|
|
1602 p = ngx_cpymem(p, gvvn->sn.str.data, gvvn->sn.str.len);
|
|
1603
|
|
1604 p = ngx_align_ptr(p, sizeof(void *));
|
|
1605
|
|
1606 p = ngx_http_geo_copy_values(base, p, node->left, sentinel);
|
|
1607
|
|
1608 return ngx_http_geo_copy_values(base, p, node->right, sentinel);
|
|
1609 }
|