annotate src/stream/ngx_stream_handler.c @ 6197:0dcef374b8bb
Stream: connection limiting module.
stream {
limit_conn_zone $binary_remote_addr zone=perip:1m;
limit_conn_log_level error;
server {
...
limit_conn perip 1;
}
}
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 18 Jun 2015 14:17:30 +0300 |
parents | 8807a2369b1a |
children | 7565e056fad6 |
rev | line source |
---|---|
6115 | 1 |
2 /* | |
3 * Copyright (C) Roman Arutyunyan | |
4 * Copyright (C) Nginx, Inc. | |
5 */ | |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_event.h> | |
11 #include <ngx_stream.h> | |
12 | |
13 | |
/*
 * File-local helpers.  ngx_stream_log_error() is installed as the
 * per-connection log handler; ngx_stream_init_session() starts the
 * session once the connection-level checks have passed.
 */
static u_char *ngx_stream_log_error(ngx_log_t *log, u_char *buf,
    size_t len);
static void ngx_stream_init_session(ngx_connection_t *c);

#if (NGX_STREAM_SSL)
/* TLS setup path, compiled only when stream SSL support is enabled. */
static void ngx_stream_ssl_handshake_handler(ngx_connection_t *c);
static void ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
    ngx_connection_t *c);
#endif
21 | |
22 | |
/*
 * Entry point for a freshly accepted stream connection.
 *
 * Resolves the per-address server configuration, allocates the session
 * from the connection pool, switches the connection to the server's
 * error log, and then runs the connection-level gates in this order:
 *
 *   1. limit_conn handler - anything other than NGX_DECLINED closes
 *      the connection;
 *   2. access handler     - anything other than NGX_OK or NGX_DECLINED
 *      closes the connection;
 *   3. SSL (if the listen address is marked ssl) - the handshake is
 *      started and session setup is deferred to its completion.
 *
 * Every failure path closes the connection via
 * ngx_stream_close_connection() and returns.
 */
void
ngx_stream_init_connection(ngx_connection_t *c)
{
    size_t                        text_len;
    u_char                        peer_text[NGX_SOCKADDR_STRLEN];
    ngx_int_t                     rc;
    ngx_uint_t                    n, last;
    struct sockaddr              *local;
    struct sockaddr_in           *sin;
    ngx_stream_port_t            *port;
    ngx_stream_session_t         *s;
    ngx_stream_in_addr_t         *addr;
    ngx_stream_addr_conf_t       *addr_conf;
#if (NGX_HAVE_INET6)
    struct sockaddr_in6          *sin6;
    ngx_stream_in6_addr_t        *addr6;
#endif
    ngx_stream_core_srv_conf_t   *cscf;
    ngx_stream_core_main_conf_t  *cmcf;

    /* find the server configuration for the address:port */

    port = c->listening->servers;

    /*
     * n is the index of the matching listen address and last is the
     * index of the final slot that may be scanned to.  Both stay 0 when
     * the port has a single address, so slot 0 is used without a search.
     */

    n = 0;
    last = 0;

    if (port->naddrs > 1) {

        /*
         * There are several addresses on this port and one of them
         * is the "*:port" wildcard so getsockname() is needed to determine
         * the server address.
         *
         * AcceptEx() already gave this address.
         */

        if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) {
            ngx_stream_close_connection(c);
            return;
        }

        /* the last address is "*" and is the fallback when nothing matches */

        last = port->naddrs - 1;
    }

    local = c->local_sockaddr;

    switch (local->sa_family) {

#if (NGX_HAVE_INET6)
    case AF_INET6:
        sin6 = (struct sockaddr_in6 *) local;
        addr6 = port->addrs;

        /* compare the 16 address bytes of each explicit entry */

        while (n < last
               && ngx_memcmp(&addr6[n].addr6, &sin6->sin6_addr, 16) != 0)
        {
            n++;
        }

        addr_conf = &addr6[n].conf;
        break;
#endif

    default: /* AF_INET */
        sin = (struct sockaddr_in *) local;
        addr = port->addrs;

        while (n < last && addr[n].addr != sin->sin_addr.s_addr) {
            n++;
        }

        addr_conf = &addr[n].conf;
        break;
    }

    /* the session lives in the connection pool and is freed with it */

    s = ngx_pcalloc(c->pool, sizeof(ngx_stream_session_t));
    if (s == NULL) {
        ngx_stream_close_connection(c);
        return;
    }

    s->signature = NGX_STREAM_MODULE;
    s->main_conf = addr_conf->ctx->main_conf;
    s->srv_conf = addr_conf->ctx->srv_conf;

    s->connection = c;
    c->data = s;

    cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);

    ngx_set_connection_log(c, cscf->error_log);

    /*
     * This "connected" line is written before the stream log handler is
     * installed below, so it carries the client and server address itself.
     */

    text_len = ngx_sock_ntop(c->sockaddr, c->socklen, peer_text,
                             NGX_SOCKADDR_STRLEN, 1);

    ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%uA client %*s connected to %V",
                  c->number, text_len, peer_text, &addr_conf->addr_text);

    c->log->connection = c->number;
    c->log->handler = ngx_stream_log_error;
    c->log->data = s;
    c->log->action = "initializing connection";
    c->log_error = NGX_ERROR_INFO;

    cmcf = ngx_stream_get_module_main_conf(s, ngx_stream_core_module);

    /*
     * Connection limiting is evaluated before access control.  Only
     * NGX_DECLINED lets the connection continue; every other result,
     * NGX_OK included, drops it.
     */

    if (cmcf->limit_conn_handler
        && cmcf->limit_conn_handler(s) != NGX_DECLINED)
    {
        ngx_stream_close_connection(c);
        return;
    }

    /* access control: NGX_OK and NGX_DECLINED both allow the connection */

    if (cmcf->access_handler) {
        rc = cmcf->access_handler(s);

        if (!(rc == NGX_OK || rc == NGX_DECLINED)) {
            ngx_stream_close_connection(c);
            return;
        }
    }

#if (NGX_STREAM_SSL)
    {
    ngx_stream_ssl_conf_t  *sslcf;

    sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);

    if (addr_conf->ssl) {
        c->log->action = "SSL handshaking";

        /*
         * An ssl listen address without an SSL context is rejected
         * rather than served in plaintext.
         */

        if (sslcf->ssl.ctx == NULL) {
            ngx_log_error(NGX_LOG_ERR, c->log, 0,
                          "no \"ssl_certificate\" is defined "
                          "in server listening on SSL port");
            ngx_stream_close_connection(c);
            return;
        }

        /* session setup continues from the handshake handler */

        ngx_stream_ssl_init_connection(&sslcf->ssl, c);
        return;
    }
    }
#endif

    ngx_stream_init_session(c);
}
193 | |
194 | |
/*
 * Final step of connection setup: allocates the per-module context
 * array for the session and passes control to the server's content
 * handler.  The connection is closed if the allocation fails.
 */
static void
ngx_stream_init_session(ngx_connection_t *c)
{
    ngx_stream_session_t        *s;
    ngx_stream_core_srv_conf_t  *cscf;

    s = c->data;
    c->log->action = "handling client connection";

    cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);

    /* one zeroed context slot per stream module, owned by the pool */

    s->ctx = ngx_pcalloc(c->pool, ngx_stream_max_module * sizeof(void *));

    if (s->ctx != NULL) {
        cscf->handler(s);
        return;
    }

    ngx_stream_close_connection(c);
}
214 | |
215 | |
216 #if (NGX_STREAM_SSL) | |
217 | |
/*
 * Attaches an SSL connection object to c and starts the handshake.
 *
 * If the handshake cannot finish immediately (NGX_AGAIN), the read
 * timer is armed with the configured handshake timeout and the
 * handshake handler is registered to be called later.  Any other
 * result is passed straight to the handshake handler, which decides
 * between continuing and closing.
 */
static void
ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
    ngx_stream_session_t   *s;
    ngx_stream_ssl_conf_t  *sslcf;

    if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
        ngx_stream_close_connection(c);
        return;
    }

    if (ngx_ssl_handshake(c) != NGX_AGAIN) {
        ngx_stream_ssl_handshake_handler(c);
        return;
    }

    /* handshake still in progress */

    s = c->data;

    sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);

    /*
     * Bound the time a peer may spend in the handshake.
     * NOTE(review): what happens when this timer fires is not visible
     * in this file - confirm against the SSL event code.
     */

    ngx_add_timer(c->read, sslcf->handshake_timeout);

    c->ssl->handler = ngx_stream_ssl_handshake_handler;
}
244 | |
245 | |
/*
 * Called once the SSL handshake has ended.  A completed handshake
 * cancels the pending read timer, if one is set, and proceeds to
 * session setup; an incomplete one closes the connection.
 */
static void
ngx_stream_ssl_handshake_handler(ngx_connection_t *c)
{
    if (c->ssl->handshaked) {

        /* the handshake timeout is no longer needed */

        if (c->read->timer_set) {
            ngx_del_timer(c->read);
        }

        ngx_stream_init_session(c);
        return;
    }

    ngx_stream_close_connection(c);
}
260 | |
261 #endif | |
262 | |
263 | |
/*
 * Tears down a stream connection: performs the SSL shutdown when SSL is
 * in use, updates the active-connection statistic when stub statistics
 * are compiled in, closes the connection and destroys its pool.
 *
 * If the SSL shutdown has to wait (NGX_AGAIN), this function registers
 * itself as the SSL handler and returns; the rest of the teardown runs
 * when it is called again.
 */
void
ngx_stream_close_connection(ngx_connection_t *c)
{
    ngx_pool_t  *pool;

    ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0,
                   "close stream connection: %d", c->fd);

#if (NGX_STREAM_SSL)

    if (c->ssl && ngx_ssl_shutdown(c) == NGX_AGAIN) {
        c->ssl->handler = ngx_stream_close_connection;
        return;
    }

#endif

#if (NGX_STAT_STUB)
    (void) ngx_atomic_fetch_add(ngx_stat_active, -1);
#endif

    /*
     * The pool pointer is saved first so that c is not read again after
     * ngx_close_connection(); the pool is destroyed last.
     */

    pool = c->pool;

    ngx_close_connection(c);

    ngx_destroy_pool(pool);
}
293 | |
294 | |
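/*
 * Log handler installed on every stream connection.  Appends
 * " while <action>" (when an action is set) and
 * ", client: <addr>, server: <addr>" to the error message being built,
 * then lets the session's own log handler, if any, append more.
 *
 * log  - connection log; log->data is the stream session
 * buf  - position in the message buffer where writing starts
 * len  - bytes still available at buf
 *
 * Returns the position just past the last byte written.
 */
static u_char *
ngx_stream_log_error(ngx_log_t *log, u_char *buf, size_t len)
{
    u_char                *p;
    ngx_stream_session_t  *s;

    if (log->action) {
        p = ngx_snprintf(buf, len, " while %s", log->action);
        len -= p - buf;
        buf = p;
    }

    s = log->data;

    p = ngx_snprintf(buf, len, ", client: %V, server: %V",
                     &s->connection->addr_text,
                     &s->connection->listening->addr_text);

    if (s->log_handler) {

        /*
         * Subtract the bytes just written before handing the buffer on.
         * Without this the session handler receives the start position p
         * together with the length that was valid at buf, and may write
         * past the end of the message buffer.
         */

        len -= p - buf;

        return s->log_handler(log, p, len);
    }

    return p;
}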