nginx: src/stream/ngx_stream_access

annotate src/stream/ngx_stream_access_module.c @ 7690:8253424d1aff

Added size check to ngx_http_alloc_large_header_buffer(). This ensures that copying won't write more than the buffer size even if the buffer comes from hc->free and it is smaller than the large client header buffer size in the virtual host configuration. This might happen if size of large client header buffers is different in name-based virtual hosts, similarly to the problem with number of buffers fixed in 6926:e662cbf1b932.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Thu, 06 Aug 2020 05:02:22 +0300
parents	72188d1bcab5
children

rev	line source
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Igor Sysoev
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 * Copyright (C) Nginx, Inc.
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5 */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_config.h>
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_core.h>
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10 #include <ngx_stream.h>
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	13 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	14 in_addr_t mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	15 in_addr_t addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	16 ngx_uint_t deny; /* unsigned deny:1; */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	17 } ngx_stream_access_rule_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	18
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	19 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	21 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 struct in6_addr addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 struct in6_addr mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 ngx_uint_t deny; /* unsigned deny:1; */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 } ngx_stream_access_rule6_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	28
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	29 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	31 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32 ngx_uint_t deny; /* unsigned deny:1; */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	33 } ngx_stream_access_rule_un_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	34
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	35 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	36
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	37 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	38 ngx_array_t rules; / array of ngx_stream_access_rule_t */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	39 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	40 ngx_array_t rules6; / array of ngx_stream_access_rule6_t */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	41 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	42 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	43 ngx_array_t rules_un; / array of ngx_stream_access_rule_un_t */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	44 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	45 } ngx_stream_access_srv_conf_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	46
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	47
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	48 static ngx_int_t ngx_stream_access_handler(ngx_stream_session_t *s);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	49 static ngx_int_t ngx_stream_access_inet(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	50 ngx_stream_access_srv_conf_t *ascf, in_addr_t addr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	51 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	52 static ngx_int_t ngx_stream_access_inet6(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	53 ngx_stream_access_srv_conf_t ascf, u_char p);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	54 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	55 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	56 static ngx_int_t ngx_stream_access_unix(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	57 ngx_stream_access_srv_conf_t *ascf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	58 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59 static ngx_int_t ngx_stream_access_found(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60 ngx_uint_t deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 static char ngx_stream_access_rule(ngx_conf_t cf, ngx_command_t *cmd,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62 void *conf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	63 static void ngx_stream_access_create_srv_conf(ngx_conf_t cf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	64 static char ngx_stream_access_merge_srv_conf(ngx_conf_t cf,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	65 void parent, void child);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	66 static ngx_int_t ngx_stream_access_init(ngx_conf_t *cf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	68
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69 static ngx_command_t ngx_stream_access_commands[] = {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	71 { ngx_string("allow"),
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	72 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	73 ngx_stream_access_rule,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	74 NGX_STREAM_SRV_CONF_OFFSET,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	75 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	76 NULL },
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	77
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78 { ngx_string("deny"),
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	79 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	80 ngx_stream_access_rule,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	81 NGX_STREAM_SRV_CONF_OFFSET,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	82 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	83 NULL },
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85 ngx_null_command
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 };
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	87
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90 static ngx_stream_module_t ngx_stream_access_module_ctx = {
6606 2f41d383c9c7 Stream: added preconfiguration step. Vladimir Homutov <vl@nginx.com> parents: 6175 diff changeset	91 NULL, /* preconfiguration */
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92 ngx_stream_access_init, /* postconfiguration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	94 NULL, /* create main configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	95 NULL, /* init main configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	96
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	97 ngx_stream_access_create_srv_conf, /* create server configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	98 ngx_stream_access_merge_srv_conf /* merge server configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	99 };
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	100
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	101
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	102 ngx_module_t ngx_stream_access_module = {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	103 NGX_MODULE_V1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	104 &ngx_stream_access_module_ctx, /* module context */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	105 ngx_stream_access_commands, /* module directives */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	106 NGX_STREAM_MODULE, /* module type */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	107 NULL, /* init master */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	108 NULL, /* init module */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109 NULL, /* init process */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110 NULL, /* init thread */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 NULL, /* exit thread */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	112 NULL, /* exit process */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	113 NULL, /* exit master */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 NGX_MODULE_V1_PADDING
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	115 };
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	116
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	117
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	118 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	119 ngx_stream_access_handler(ngx_stream_session_t *s)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	120 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	121 struct sockaddr_in *sin;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	122 ngx_stream_access_srv_conf_t *ascf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	123 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124 u_char *p;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125 in_addr_t addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	126 struct sockaddr_in6 *sin6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	127 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	128
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	129 ascf = ngx_stream_get_module_srv_conf(s, ngx_stream_access_module);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	130
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	131 switch (s->connection->sockaddr->sa_family) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	132
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	133 case AF_INET:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	134 if (ascf->rules) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	135 sin = (struct sockaddr_in *) s->connection->sockaddr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	136 return ngx_stream_access_inet(s, ascf, sin->sin_addr.s_addr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	137 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138 break;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	140 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142 case AF_INET6:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	143 sin6 = (struct sockaddr_in6 *) s->connection->sockaddr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	144 p = sin6->sin6_addr.s6_addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	145
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 if (ascf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	147 addr = p[12] << 24;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	148 addr += p[13] << 16;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	149 addr += p[14] << 8;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	150 addr += p[15];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	151 return ngx_stream_access_inet(s, ascf, htonl(addr));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	152 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	153
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	154 if (ascf->rules6) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	155 return ngx_stream_access_inet6(s, ascf, p);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	156 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	157
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	158 break;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	159
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	161
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	162 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	163
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	164 case AF_UNIX:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	165 if (ascf->rules_un) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	166 return ngx_stream_access_unix(s, ascf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	167 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	168
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	169 break;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	170
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	171 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	172 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	173
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	174 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	175 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	176
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	177
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	178 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	179 ngx_stream_access_inet(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	180 ngx_stream_access_srv_conf_t *ascf, in_addr_t addr)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	181 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182 ngx_uint_t i;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	183 ngx_stream_access_rule_t *rule;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	184
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	185 rule = ascf->rules->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	186 for (i = 0; i < ascf->rules->nelts; i++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	187
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	188 ngx_log_debug3(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	189 "access: %08XD %08XD %08XD",
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	190 addr, rule[i].mask, rule[i].addr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	191
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	192 if ((addr & rule[i].mask) == rule[i].addr) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	193 return ngx_stream_access_found(s, rule[i].deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	194 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	195 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	196
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	197 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	198 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	199
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	200
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	201 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	202
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	203 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	204 ngx_stream_access_inet6(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	205 ngx_stream_access_srv_conf_t ascf, u_char p)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	206 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	207 ngx_uint_t n;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	208 ngx_uint_t i;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	209 ngx_stream_access_rule6_t *rule6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	210
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	211 rule6 = ascf->rules6->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	212 for (i = 0; i < ascf->rules6->nelts; i++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	213
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	214 #if (NGX_DEBUG)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	215 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	216 size_t cl, ml, al;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	217 u_char ct[NGX_INET6_ADDRSTRLEN];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	218 u_char mt[NGX_INET6_ADDRSTRLEN];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	219 u_char at[NGX_INET6_ADDRSTRLEN];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221 cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222 ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	223 al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	224
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	225 ngx_log_debug6(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 "access: %s %s %*s", cl, ct, ml, mt, al, at);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	227 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	230 for (n = 0; n < 16; n++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	231 if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	232 goto next;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	233 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	234 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	235
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	236 return ngx_stream_access_found(s, rule6[i].deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	237
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238 next:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	239 continue;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	240 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	242 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	243 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	244
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	245 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	248 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	249
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	250 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	251 ngx_stream_access_unix(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	252 ngx_stream_access_srv_conf_t *ascf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	253 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	254 ngx_uint_t i;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	255 ngx_stream_access_rule_un_t *rule_un;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	256
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257 rule_un = ascf->rules_un->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258 for (i = 0; i < ascf->rules_un->nelts; i++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260 /* TODO: check path */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261 if (1) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	262 return ngx_stream_access_found(s, rule_un[i].deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	263 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	265
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	268
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	269 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	270
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	271
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	272 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	273 ngx_stream_access_found(ngx_stream_session_t *s, ngx_uint_t deny)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	274 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275 if (deny) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	277 "access forbidden by rule");
6693 3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	278 return NGX_STREAM_FORBIDDEN;
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	279 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281 return NGX_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	282 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285 static char *
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	286 ngx_stream_access_rule(ngx_conf_t cf, ngx_command_t cmd, void *conf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288 ngx_stream_access_srv_conf_t *ascf = conf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	290 ngx_int_t rc;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	291 ngx_uint_t all;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	292 ngx_str_t *value;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	293 ngx_cidr_t cidr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	294 ngx_stream_access_rule_t *rule;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	295 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	296 ngx_stream_access_rule6_t *rule6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	297 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	298 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	299 ngx_stream_access_rule_un_t *rule_un;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	300 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	301
6996 72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	302 all = 0;
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	303 ngx_memzero(&cidr, sizeof(ngx_cidr_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	304
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	305 value = cf->args->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	306
6996 72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	307 if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) {
72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	308 all = 1;
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	309
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	310 #if (NGX_HAVE_UNIX_DOMAIN)
6996 72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	311 } else if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	312 cidr.family = AF_UNIX;
72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	313 #endif
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	314
6996 72188d1bcab5 Access: simplified rule parser code. Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	315 } else {
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	316 rc = ngx_ptocidr(&value[1], &cidr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	317
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318 if (rc == NGX_ERROR) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 "invalid parameter \"%V\"", &value[1]);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	322 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	323
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	324 if (rc == NGX_DONE) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	325 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	326 "low address bits of %V are meaningless", &value[1]);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	329
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330 if (cidr.family == AF_INET \|\| all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	332 if (ascf->rules == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	333 ascf->rules = ngx_array_create(cf->pool, 4,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	334 sizeof(ngx_stream_access_rule_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	335 if (ascf->rules == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	340 rule = ngx_array_push(ascf->rules);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	341 if (rule == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	342 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	343 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	344
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	345 rule->mask = cidr.u.in.mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	346 rule->addr = cidr.u.in.addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	347 rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	348 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	349
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	350 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	351 if (cidr.family == AF_INET6 \|\| all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	352
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	353 if (ascf->rules6 == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	354 ascf->rules6 = ngx_array_create(cf->pool, 4,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	355 sizeof(ngx_stream_access_rule6_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	356 if (ascf->rules6 == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	357 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	358 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	359 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	360
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	361 rule6 = ngx_array_push(ascf->rules6);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	362 if (rule6 == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	365
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	366 rule6->mask = cidr.u.in6.mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	367 rule6->addr = cidr.u.in6.addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	368 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	369 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	370 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	371
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	372 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	373 if (cidr.family == AF_UNIX \|\| all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	374
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	375 if (ascf->rules_un == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	376 ascf->rules_un = ngx_array_create(cf->pool, 1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	377 sizeof(ngx_stream_access_rule_un_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	378 if (ascf->rules_un == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	379 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	380 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	382
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	383 rule_un = ngx_array_push(ascf->rules_un);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	384 if (rule_un == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	387
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	388 rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	389 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	390 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392 return NGX_CONF_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	395
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396 static void *
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397 ngx_stream_access_create_srv_conf(ngx_conf_t *cf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	398 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	399 ngx_stream_access_srv_conf_t *conf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	400
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_access_srv_conf_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	402 if (conf == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 return NULL;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	405
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 return conf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	407 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410 static char *
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	411 ngx_stream_access_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	412 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	413 ngx_stream_access_srv_conf_t *prev = parent;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	414 ngx_stream_access_srv_conf_t *conf = child;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	415
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	416 if (conf->rules == NULL
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	417 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	418 && conf->rules6 == NULL
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	419 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	420 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	421 && conf->rules_un == NULL
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	422 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	423 ) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	424 conf->rules = prev->rules;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	425 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	426 conf->rules6 = prev->rules6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	427 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	428 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	429 conf->rules_un = prev->rules_un;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	430 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	431 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	433 return NGX_CONF_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	434 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	435
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	436
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	437 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	438 ngx_stream_access_init(ngx_conf_t *cf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	439 {
6693 3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	440 ngx_stream_handler_pt *h;
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	441 ngx_stream_core_main_conf_t *cmcf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	442
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	443 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
6693 3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	444
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	445 h = ngx_array_push(&cmcf->phases[NGX_STREAM_ACCESS_PHASE].handlers);
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	446 if (h == NULL) {
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	447 return NGX_ERROR;
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	448 }
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	449
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6606 diff changeset	450 *h = ngx_stream_access_handler;
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	451
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	452 return NGX_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	453 }

Mercurial > hg > nginx

annotate src/stream/ngx_stream_access_module.c @ 7690:8253424d1aff