Mercurial > hg > nginx
annotate src/http/modules/ngx_http_realip_module.c @ 4727:1c7616100797 stable-1.2
Merge of r4688, r4689, r4706:
*) Mp4: fixed non-keyframe seeks in some cases (ticket #175).
Number of entries in stsc atom was wrong if we've added an entry to
split a chunk.
Additionally, there is no need to add an entry if we are going to split
last chunk in an entry, it's enough to update the entry we already have.
Previously new entry was added and old one was left as is, resulting in
incorrect entry with zero chunks which might confuse some software.
*) Mp4: fixed streaming if moov atom is at buffer edge.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 02 Jul 2012 16:56:53 +0000 |
| parents | ba2c7463ce18 |
| children | f7fe817c92a2 |
| rev | line source |
|---|---|
| 573 | 1 |
| 2 /* | |
| 3 * Copyright (C) Igor Sysoev | |
| 4412 | 4 * Copyright (C) Nginx, Inc. |
| 573 | 5 */ |
| 6 | |
| 7 | |
| 8 #include <ngx_config.h> | |
| 9 #include <ngx_core.h> | |
| 10 #include <ngx_http.h> | |
| 11 | |
| 12 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
13 #define NGX_HTTP_REALIP_XREALIP 0 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
14 #define NGX_HTTP_REALIP_XFWD 1 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
15 #define NGX_HTTP_REALIP_HEADER 2 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
16 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
17 |
| 573 | 18 typedef struct { |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
19 ngx_array_t *from; /* array of ngx_cidr_t */ |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
20 ngx_uint_t type; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
21 ngx_uint_t hash; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
22 ngx_str_t header; |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
23 ngx_flag_t recursive; |
| 573 | 24 } ngx_http_realip_loc_conf_t; |
| 25 | |
| 26 | |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
27 typedef struct { |
| 3274 | 28 ngx_connection_t *connection; |
| 29 struct sockaddr *sockaddr; | |
| 30 socklen_t socklen; | |
| 31 ngx_str_t addr_text; | |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
32 } ngx_http_realip_ctx_t; |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
33 |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
34 |
| 573 | 35 static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r); |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
36 static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
37 ngx_addr_t *addr); |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
38 static void ngx_http_realip_cleanup(void *data); |
| 573 | 39 static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, |
| 40 void *conf); | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
41 static char *ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
| 573 | 42 static void *ngx_http_realip_create_loc_conf(ngx_conf_t *cf); |
| 43 static char *ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, | |
| 44 void *parent, void *child); | |
| 681 | 45 static ngx_int_t ngx_http_realip_init(ngx_conf_t *cf); |
| 573 | 46 |
| 47 | |
| 48 static ngx_command_t ngx_http_realip_commands[] = { | |
| 49 | |
| 50 { ngx_string("set_real_ip_from"), | |
| 51 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 52 ngx_http_realip_from, | |
| 53 NGX_HTTP_LOC_CONF_OFFSET, | |
| 54 0, | |
| 55 NULL }, | |
| 56 | |
| 57 { ngx_string("real_ip_header"), | |
| 58 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
59 ngx_http_realip, |
| 573 | 60 NGX_HTTP_LOC_CONF_OFFSET, |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
61 0, |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
62 NULL }, |
| 573 | 63 |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
64 { ngx_string("real_ip_recursive"), |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
65 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
66 ngx_conf_set_flag_slot, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
67 NGX_HTTP_LOC_CONF_OFFSET, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
68 offsetof(ngx_http_realip_loc_conf_t, recursive), |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
69 NULL }, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
70 |
| 573 | 71 ngx_null_command |
| 72 }; | |
| 73 | |
| 74 | |
| 75 | |
| 667 | 76 static ngx_http_module_t ngx_http_realip_module_ctx = { |
| 573 | 77 NULL, /* preconfiguration */ |
| 681 | 78 ngx_http_realip_init, /* postconfiguration */ |
| 573 | 79 |
| 80 NULL, /* create main configuration */ | |
| 81 NULL, /* init main configuration */ | |
| 82 | |
| 83 NULL, /* create server configuration */ | |
| 84 NULL, /* merge server configuration */ | |
| 85 | |
| 86 ngx_http_realip_create_loc_conf, /* create location configuration */ | |
| 87 ngx_http_realip_merge_loc_conf /* merge location configuration */ | |
| 88 }; | |
| 89 | |
| 90 | |
| 91 ngx_module_t ngx_http_realip_module = { | |
| 92 NGX_MODULE_V1, | |
| 93 &ngx_http_realip_module_ctx, /* module context */ | |
| 94 ngx_http_realip_commands, /* module directives */ | |
| 95 NGX_HTTP_MODULE, /* module type */ | |
| 96 NULL, /* init master */ | |
| 681 | 97 NULL, /* init module */ |
| 573 | 98 NULL, /* init process */ |
| 99 NULL, /* init thread */ | |
| 100 NULL, /* exit thread */ | |
| 101 NULL, /* exit process */ | |
| 102 NULL, /* exit master */ | |
| 103 NGX_MODULE_V1_PADDING | |
| 104 }; | |
| 105 | |
| 106 | |
| 107 static ngx_int_t | |
| 108 ngx_http_realip_handler(ngx_http_request_t *r) | |
| 109 { | |
| 110 u_char *ip, *p; | |
| 111 size_t len; | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
112 ngx_uint_t i, hash; |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
113 ngx_addr_t addr; |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
114 ngx_list_part_t *part; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
115 ngx_table_elt_t *header; |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
116 ngx_connection_t *c; |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
117 ngx_http_realip_ctx_t *ctx; |
| 573 | 118 ngx_http_realip_loc_conf_t *rlcf; |
| 119 | |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
120 ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module); |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
121 |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
122 if (ctx) { |
|
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
123 return NGX_DECLINED; |
| 573 | 124 } |
| 125 | |
| 126 rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module); | |
| 127 | |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
128 if (rlcf->from == NULL) { |
|
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
129 return NGX_DECLINED; |
| 573 | 130 } |
| 131 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
132 switch (rlcf->type) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
133 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
134 case NGX_HTTP_REALIP_XREALIP: |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
135 |
| 573 | 136 if (r->headers_in.x_real_ip == NULL) { |
|
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
137 return NGX_DECLINED; |
| 573 | 138 } |
| 139 | |
| 140 len = r->headers_in.x_real_ip->value.len; | |
| 141 ip = r->headers_in.x_real_ip->value.data; | |
| 142 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
143 break; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
144 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
145 case NGX_HTTP_REALIP_XFWD: |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
146 |
| 573 | 147 if (r->headers_in.x_forwarded_for == NULL) { |
|
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
148 return NGX_DECLINED; |
| 573 | 149 } |
| 150 | |
| 151 len = r->headers_in.x_forwarded_for->value.len; | |
| 152 ip = r->headers_in.x_forwarded_for->value.data; | |
| 153 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
154 break; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
155 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
156 default: /* NGX_HTTP_REALIP_HEADER */ |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
157 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
158 part = &r->headers_in.headers.part; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
159 header = part->elts; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
160 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
161 hash = rlcf->hash; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
162 len = rlcf->header.len; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
163 p = rlcf->header.data; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
164 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
165 for (i = 0; /* void */ ; i++) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
166 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
167 if (i >= part->nelts) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
168 if (part->next == NULL) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
169 break; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
170 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
171 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
172 part = part->next; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
173 header = part->elts; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
174 i = 0; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
175 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
176 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
177 if (hash == header[i].hash |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
178 && len == header[i].key.len |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
179 && ngx_strncmp(p, header[i].lowcase_key, len) == 0) |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
180 { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
181 len = header[i].value.len; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
182 ip = header[i].value.data; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
183 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
184 goto found; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
185 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
186 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
187 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
188 return NGX_DECLINED; |
| 573 | 189 } |
| 190 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
191 found: |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
192 |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
193 c = r->connection; |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
194 |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
195 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "realip: \"%s\"", ip); |
|
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
196 |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
197 addr.sockaddr = c->sockaddr; |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
198 addr.socklen = c->socklen; |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
199 /* addr.name = c->addr_text; */ |
| 3274 | 200 |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
201 if (ngx_http_get_forwarded_addr(r, &addr, ip, len, rlcf->from, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
202 rlcf->recursive) |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
203 == NGX_OK) |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
204 { |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
205 return ngx_http_realip_set_addr(r, &addr); |
| 3274 | 206 } |
| 207 | |
| 208 return NGX_DECLINED; | |
| 209 } | |
| 210 | |
| 573 | 211 |
| 3274 | 212 static ngx_int_t |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
213 ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr) |
| 3274 | 214 { |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
215 size_t len; |
| 3274 | 216 u_char *p; |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
217 u_char text[NGX_SOCKADDR_STRLEN]; |
| 3274 | 218 ngx_connection_t *c; |
| 219 ngx_pool_cleanup_t *cln; | |
| 220 ngx_http_realip_ctx_t *ctx; | |
| 573 | 221 |
| 3274 | 222 cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_realip_ctx_t)); |
| 223 if (cln == NULL) { | |
| 224 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 225 } | |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
226 |
| 3274 | 227 ctx = cln->data; |
| 228 ngx_http_set_ctx(r, ctx, ngx_http_realip_module); | |
|
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
229 |
| 3274 | 230 c = r->connection; |
| 231 | |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
232 len = ngx_sock_ntop(addr->sockaddr, text, NGX_SOCKADDR_STRLEN, 0); |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
233 if (len == 0) { |
| 3274 | 234 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
| 235 } | |
|
1114
3f354952e91d
fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents:
986
diff
changeset
|
236 |
| 3274 | 237 p = ngx_pnalloc(c->pool, len); |
| 238 if (p == NULL) { | |
| 239 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 240 } | |
|
1118
cec2866f29bd
a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents:
1114
diff
changeset
|
241 |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
242 ngx_memcpy(p, text, len); |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
243 |
| 3274 | 244 cln->handler = ngx_http_realip_cleanup; |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
245 |
| 3274 | 246 ctx->connection = c; |
| 247 ctx->sockaddr = c->sockaddr; | |
| 248 ctx->socklen = c->socklen; | |
| 249 ctx->addr_text = c->addr_text; | |
| 573 | 250 |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
251 c->sockaddr = addr->sockaddr; |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
252 c->socklen = addr->socklen; |
| 3274 | 253 c->addr_text.len = len; |
| 254 c->addr_text.data = p; | |
| 573 | 255 |
|
986
68c85f283043
ngx_http_realip_module must return NGX_DECLINED
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
256 return NGX_DECLINED; |
| 573 | 257 } |
| 258 | |
| 259 | |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
260 static void |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
261 ngx_http_realip_cleanup(void *data) |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
262 { |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
263 ngx_http_realip_ctx_t *ctx = data; |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
264 |
|
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
265 ngx_connection_t *c; |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
266 |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
267 c = ctx->connection; |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
268 |
|
3273
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
269 c->sockaddr = ctx->sockaddr; |
|
fe71be4a02f1
support IPv6 addresses in Real IP headers
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
270 c->socklen = ctx->socklen; |
|
2176
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
271 c->addr_text = ctx->addr_text; |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
272 } |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
273 |
|
29d26406e1bd
restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
274 |
| 573 | 275 static char * |
| 276 ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 277 { | |
| 278 ngx_http_realip_loc_conf_t *rlcf = conf; | |
| 279 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
280 ngx_int_t rc; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
281 ngx_str_t *value; |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
282 ngx_cidr_t *cidr; |
| 573 | 283 |
| 3274 | 284 value = cf->args->elts; |
| 285 | |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
286 if (rlcf->from == NULL) { |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
287 rlcf->from = ngx_array_create(cf->pool, 2, |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
288 sizeof(ngx_cidr_t)); |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
289 if (rlcf->from == NULL) { |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
290 return NGX_CONF_ERROR; |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
291 } |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
292 } |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
293 |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
294 cidr = ngx_array_push(rlcf->from); |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
295 if (cidr == NULL) { |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
296 return NGX_CONF_ERROR; |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
297 } |
|
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
298 |
| 3274 | 299 #if (NGX_HAVE_UNIX_DOMAIN) |
| 300 | |
| 301 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
302 cidr->family = AF_UNIX; |
| 3274 | 303 return NGX_CONF_OK; |
| 304 } | |
| 305 | |
| 306 #endif | |
| 307 | |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
308 rc = ngx_ptocidr(&value[1], cidr); |
|
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
309 |
|
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
310 if (rc == NGX_ERROR) { |
| 573 | 311 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", |
| 312 &value[1]); | |
| 313 return NGX_CONF_ERROR; | |
| 314 } | |
| 315 | |
|
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
316 if (rc == NGX_DONE) { |
|
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
317 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
|
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
318 "low address bits of %V are meaningless", &value[1]); |
|
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
319 } |
|
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
1118
diff
changeset
|
320 |
| 573 | 321 return NGX_CONF_OK; |
| 322 } | |
| 323 | |
| 324 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
325 static char * |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
326 ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
327 { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
328 ngx_http_realip_loc_conf_t *rlcf = conf; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
329 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
330 ngx_str_t *value; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
331 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
332 value = cf->args->elts; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
333 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
334 if (ngx_strcmp(value[1].data, "X-Real-IP") == 0) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
335 rlcf->type = NGX_HTTP_REALIP_XREALIP; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
336 return NGX_CONF_OK; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
337 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
338 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
339 if (ngx_strcmp(value[1].data, "X-Forwarded-For") == 0) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
340 rlcf->type = NGX_HTTP_REALIP_XFWD; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
341 return NGX_CONF_OK; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
342 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
343 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
344 rlcf->type = NGX_HTTP_REALIP_HEADER; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
345 rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len); |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
346 rlcf->header = value[1]; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
347 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
348 return NGX_CONF_OK; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
349 } |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
350 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
351 |
| 573 | 352 static void * |
| 353 ngx_http_realip_create_loc_conf(ngx_conf_t *cf) | |
| 354 { | |
| 355 ngx_http_realip_loc_conf_t *conf; | |
| 356 | |
| 357 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_realip_loc_conf_t)); | |
| 358 if (conf == NULL) { | |
|
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
359 return NULL; |
| 573 | 360 } |
| 361 | |
| 362 /* | |
| 363 * set by ngx_pcalloc(): | |
| 364 * | |
| 365 * conf->from = NULL; | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
366 * conf->hash = 0; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
367 * conf->header = { 0, NULL }; |
| 573 | 368 */ |
| 369 | |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
370 conf->type = NGX_CONF_UNSET_UINT; |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
371 conf->recursive = NGX_CONF_UNSET; |
| 573 | 372 |
| 373 return conf; | |
| 374 } | |
| 375 | |
| 376 | |
| 377 static char * | |
| 378 ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
| 379 { | |
| 380 ngx_http_realip_loc_conf_t *prev = parent; | |
| 381 ngx_http_realip_loc_conf_t *conf = child; | |
| 382 | |
| 383 if (conf->from == NULL) { | |
| 384 conf->from = prev->from; | |
|
3305
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
385 } |
|
8017f9bda3f6
fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents:
3291
diff
changeset
|
386 |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
387 ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP); |
|
4668
ba2c7463ce18
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4562
diff
changeset
|
388 ngx_conf_merge_value(conf->recursive, prev->recursive, 0); |
|
2257
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
389 |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
390 if (conf->header.len == 0) { |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
391 conf->hash = prev->hash; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
392 conf->header = prev->header; |
|
74d270c8821e
real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
393 } |
| 573 | 394 |
| 395 return NGX_CONF_OK; | |
| 396 } | |
| 397 | |
| 398 | |
| 399 static ngx_int_t | |
| 681 | 400 ngx_http_realip_init(ngx_conf_t *cf) |
| 573 | 401 { |
| 402 ngx_http_handler_pt *h; | |
| 403 ngx_http_core_main_conf_t *cmcf; | |
| 404 | |
| 681 | 405 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
| 573 | 406 |
| 407 h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers); | |
| 408 if (h == NULL) { | |
| 409 return NGX_ERROR; | |
| 410 } | |
| 411 | |
| 412 *h = ngx_http_realip_handler; | |
| 413 | |
| 581 | 414 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers); |
| 573 | 415 if (h == NULL) { |
| 416 return NGX_ERROR; | |
| 417 } | |
| 418 | |
| 419 *h = ngx_http_realip_handler; | |
| 420 | |
| 421 return NGX_OK; | |
| 422 } |