Mercurial > hg > nginx
annotate src/core/ngx_proxy_protocol.c @ 7251:416953ef0428
Core: added processing of version 2 of the PROXY protocol.
The protocol used on inbound connection is auto-detected and corresponding
parser is used to extract passed addresses. TLV parameters are ignored.
The maximum supported size of PROXY protocol header is 107 bytes
(similar to version 1).
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Thu, 22 Mar 2018 15:55:28 +0300 |
| parents | b3b7e33083ac |
| children | 7bdab16c55f1 |
| rev | line source |
|---|---|
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
12 #define NGX_PP_V2_SIGLEN 12 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
13 #define NGX_PP_V2_CMD_PROXY 1 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
14 #define NGX_PP_V2_STREAM 1 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
15 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
16 #define NGX_PP_V2_AF_UNSPEC 0 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
17 #define NGX_PP_V2_AF_INET 1 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
18 #define NGX_PP_V2_AF_INET6 2 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
19 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
20 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
21 #define ngx_pp_v2_get_u16(p) \ |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
22 ( ((uint16_t) ((u_char *) (p))[0] << 8) \ |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
23 + ( ((u_char *) (p))[1]) ) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
24 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
25 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
26 typedef struct { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
27 u_char signature[NGX_PP_V2_SIGLEN]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
28 u_char ver_cmd; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
29 u_char fam_transp; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
30 u_char len[2]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
31 } ngx_pp_v2_header_t; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
32 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
33 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
34 typedef struct { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
35 u_char src[4]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
36 u_char dst[4]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
37 u_char sport[2]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
38 u_char dport[2]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
39 } ngx_pp_v2_inet_addrs_t; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
40 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
41 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
42 typedef struct { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
43 u_char src[16]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
44 u_char dst[16]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
45 u_char sport[2]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
46 u_char dport[2]; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
47 } ngx_pp_v2_inet6_addrs_t; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
48 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
49 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
50 typedef union { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
51 ngx_pp_v2_inet_addrs_t inet; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
52 ngx_pp_v2_inet6_addrs_t inet6; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
53 } ngx_pp_v2_addrs_t; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
54 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
55 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
56 static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
57 u_char *last); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
58 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
59 static const u_char ngx_pp_v2_signature[NGX_PP_V2_SIGLEN] = |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
60 { 0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A }; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
61 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
62 |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
63 u_char * |
|
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
64 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
65 { |
|
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
66 size_t len; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
67 u_char ch, *p, *addr, *port; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
68 ngx_int_t n; |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
69 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
70 p = buf; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
71 len = last - buf; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
72 |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
73 if (len >= sizeof(ngx_pp_v2_header_t) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
74 && memcmp(p, ngx_pp_v2_signature, NGX_PP_V2_SIGLEN) == 0) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
75 { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
76 return ngx_proxy_protocol_v2_read(c, buf, last); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
77 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
78 |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
79 if (len < 8 || ngx_strncmp(p, "PROXY ", 6) != 0) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
80 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
81 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
82 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
83 p += 6; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
84 len -= 6; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
85 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
86 if (len >= 7 && ngx_strncmp(p, "UNKNOWN", 7) == 0) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
87 ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
88 "PROXY protocol unknown protocol"); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
89 p += 7; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
90 goto skip; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
91 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
92 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
93 if (len < 5 || ngx_strncmp(p, "TCP", 3) != 0 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
94 || (p[3] != '4' && p[3] != '6') || p[4] != ' ') |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
95 { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
96 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
97 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
98 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
99 p += 5; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
100 addr = p; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
101 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
102 for ( ;; ) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
103 if (p == last) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
104 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
105 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
106 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
107 ch = *p++; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
108 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
109 if (ch == ' ') { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
110 break; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
111 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
112 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
113 if (ch != ':' && ch != '.' |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
114 && (ch < 'a' || ch > 'f') |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
115 && (ch < 'A' || ch > 'F') |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
116 && (ch < '0' || ch > '9')) |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
117 { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
118 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
119 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
120 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
121 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
122 len = p - addr - 1; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
123 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
124 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
125 if (c->proxy_protocol_addr.data == NULL) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
126 return NULL; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
127 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
128 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
129 ngx_memcpy(c->proxy_protocol_addr.data, addr, len); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
130 c->proxy_protocol_addr.len = len; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
131 |
|
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
132 for ( ;; ) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
133 if (p == last) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
134 goto invalid; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
135 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
136 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
137 if (*p++ == ' ') { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
138 break; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
139 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
140 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
141 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
142 port = p; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
143 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
144 for ( ;; ) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
145 if (p == last) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
146 goto invalid; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
147 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
148 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
149 if (*p++ == ' ') { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
150 break; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
151 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
152 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
153 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
154 len = p - port - 1; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
155 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
156 n = ngx_atoi(port, len); |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
157 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
158 if (n < 0 || n > 65535) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
159 goto invalid; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
160 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
161 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
162 c->proxy_protocol_port = (in_port_t) n; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
163 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
164 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
165 "PROXY protocol address: %V %i", &c->proxy_protocol_addr, n); |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
166 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
167 skip: |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
168 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
169 for ( /* void */ ; p < last - 1; p++) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
170 if (p[0] == CR && p[1] == LF) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
171 return p + 2; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
172 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
173 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
174 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
175 invalid: |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
176 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
177 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
178 "broken header: \"%*s\"", (size_t) (last - buf), buf); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
179 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
180 return NULL; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
181 } |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
182 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
183 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
184 u_char * |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
185 ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last) |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
186 { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
187 ngx_uint_t port, lport; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
188 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
189 if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
190 return NULL; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
191 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
192 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
193 if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
194 return NULL; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
195 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
196 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
197 switch (c->sockaddr->sa_family) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
198 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
199 case AF_INET: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
200 buf = ngx_cpymem(buf, "PROXY TCP4 ", sizeof("PROXY TCP4 ") - 1); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
201 break; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
202 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
203 #if (NGX_HAVE_INET6) |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
204 case AF_INET6: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
205 buf = ngx_cpymem(buf, "PROXY TCP6 ", sizeof("PROXY TCP6 ") - 1); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
206 break; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
207 #endif |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
208 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
209 default: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
210 return ngx_cpymem(buf, "PROXY UNKNOWN" CRLF, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
211 sizeof("PROXY UNKNOWN" CRLF) - 1); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
212 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
213 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
214 buf += ngx_sock_ntop(c->sockaddr, c->socklen, buf, last - buf, 0); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
215 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
216 *buf++ = ' '; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
217 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
218 buf += ngx_sock_ntop(c->local_sockaddr, c->local_socklen, buf, last - buf, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
219 0); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
220 |
|
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
221 port = ngx_inet_get_port(c->sockaddr); |
|
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
222 lport = ngx_inet_get_port(c->local_sockaddr); |
|
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
223 |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
224 return ngx_slprintf(buf, last, " %ui %ui" CRLF, port, lport); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
225 } |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
226 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
227 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
228 static u_char * |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
229 ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
230 { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
231 u_char *end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
232 size_t len; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
233 socklen_t socklen; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
234 ngx_str_t *name; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
235 ngx_uint_t ver, cmd, family, transport; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
236 ngx_sockaddr_t sockaddr; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
237 ngx_pp_v2_addrs_t *addrs; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
238 ngx_pp_v2_header_t *hdr; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
239 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
240 hdr = (ngx_pp_v2_header_t *) buf; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
241 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
242 buf += sizeof(ngx_pp_v2_header_t); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
243 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
244 ver = hdr->ver_cmd >> 4; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
245 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
246 if (ver != 2) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
247 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
248 "unsupported PROXY protocol version: %ui", ver); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
249 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
250 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
251 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
252 len = ngx_pp_v2_get_u16(hdr->len); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
253 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
254 if ((size_t) (last - buf) < len) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
255 ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large"); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
256 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
257 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
258 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
259 end = buf + len; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
260 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
261 cmd = hdr->ver_cmd & 0x0F; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
262 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
263 if (cmd != NGX_PP_V2_CMD_PROXY) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
264 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
265 "PROXY protocol v2 unsupported cmd 0x%xi", cmd); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
266 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
267 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
268 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
269 transport = hdr->fam_transp & 0x0F; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
270 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
271 if (transport != NGX_PP_V2_STREAM) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
272 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
273 "PROXY protocol v2 unsupported transport 0x%xi", |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
274 transport); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
275 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
276 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
277 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
278 family = hdr->fam_transp >> 4; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
279 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
280 addrs = (ngx_pp_v2_addrs_t *) buf; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
281 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
282 switch (family) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
283 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
284 case NGX_PP_V2_AF_UNSPEC: |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
285 ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
286 "PROXY protocol v2 AF_UNSPEC ignored"); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
287 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
288 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
289 case NGX_PP_V2_AF_INET: |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
290 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
291 if ((size_t) (end - buf) < sizeof(ngx_pp_v2_inet_addrs_t)) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
292 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
293 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
294 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
295 sockaddr.sockaddr_in.sin_family = AF_INET; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
296 sockaddr.sockaddr_in.sin_port = 0; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
297 memcpy(&sockaddr.sockaddr_in.sin_addr, addrs->inet.src, 4); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
298 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
299 c->proxy_protocol_port = ngx_pp_v2_get_u16(addrs->inet.sport); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
300 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
301 socklen = sizeof(struct sockaddr_in); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
302 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
303 buf += sizeof(ngx_pp_v2_inet_addrs_t); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
304 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
305 break; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
306 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
307 #if (NGX_HAVE_INET6) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
308 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
309 case NGX_PP_V2_AF_INET6: |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
310 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
311 if ((size_t) (end - buf) < sizeof(ngx_pp_v2_inet6_addrs_t)) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
312 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
313 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
314 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
315 sockaddr.sockaddr_in6.sin6_family = AF_INET6; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
316 sockaddr.sockaddr_in6.sin6_port = 0; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
317 memcpy(&sockaddr.sockaddr_in6.sin6_addr, addrs->inet6.src, 16); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
318 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
319 c->proxy_protocol_port = ngx_pp_v2_get_u16(addrs->inet6.sport); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
320 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
321 socklen = sizeof(struct sockaddr_in6); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
322 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
323 buf += sizeof(ngx_pp_v2_inet6_addrs_t); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
324 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
325 break; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
326 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
327 #endif |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
328 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
329 default: |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
330 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
331 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
332 "PROXY_protocol v2 unsupported address family " |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
333 "0x%xi", family); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
334 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
335 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
336 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
337 name = &c->proxy_protocol_addr; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
338 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
339 name->data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
340 if (name->data == NULL) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
341 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
342 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
343 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
344 name->len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, name->data, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
345 NGX_SOCKADDR_STRLEN, 0); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
346 if (name->len == 0) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
347 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
348 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
349 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
350 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
351 "PROXY protocol v2 address: %V %i", name, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
352 (ngx_int_t) c->proxy_protocol_port); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
353 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
354 if (buf < end) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
355 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
356 "PROXY protocol v2 %z bytes tlv ignored", end - buf); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
357 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
358 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
359 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
360 } |