nginx: src/stream/ngx_stream_realip

annotate src/stream/ngx_stream_realip_module.c @ 7690:8253424d1aff

Added size check to ngx_http_alloc_large_header_buffer(). This ensures that copying won't write more than the buffer size even if the buffer comes from hc->free and it is smaller than the large client header buffer size in the virtual host configuration. This might happen if size of large client header buffers is different in name-based virtual hosts, similarly to the problem with number of buffers fixed in 6926:e662cbf1b932.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Thu, 06 Aug 2020 05:02:22 +0300
parents	06b01840bd42
children

rev	line source
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 3305 diff changeset	4 * Copyright (C) Nginx, Inc.
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5 */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	10 #include <ngx_stream.h>
2257 74d270c8821e real_ip_header supports any header Igor Sysoev <igor@sysoev.ru> parents: 2202 diff changeset	11
74d270c8821e real_ip_header supports any header Igor Sysoev <igor@sysoev.ru> parents: 2202 diff changeset	12
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 typedef struct {
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	14 ngx_array_t from; / array of ngx_cidr_t */
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	15 } ngx_stream_realip_srv_conf_t;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	17
2176 29d26406e1bd restore connection address on request closure, Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	18 typedef struct {
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	19 struct sockaddr *sockaddr;
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	20 socklen_t socklen;
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	21 ngx_str_t addr_text;
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	22 } ngx_stream_realip_ctx_t;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	23
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	24
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	25 static ngx_int_t ngx_stream_realip_handler(ngx_stream_session_t *s);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	26 static ngx_int_t ngx_stream_realip_set_addr(ngx_stream_session_t *s,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	27 ngx_addr_t *addr);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	28 static char ngx_stream_realip_from(ngx_conf_t cf, ngx_command_t *cmd,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	29 void *conf);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	30 static void ngx_stream_realip_create_srv_conf(ngx_conf_t cf);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	31 static char ngx_stream_realip_merge_srv_conf(ngx_conf_t cf, void *parent,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	32 void *child);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	33 static ngx_int_t ngx_stream_realip_add_variables(ngx_conf_t *cf);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	34 static ngx_int_t ngx_stream_realip_init(ngx_conf_t *cf);
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	35
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	36
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	37 static ngx_int_t ngx_stream_realip_remote_addr_variable(ngx_stream_session_t *s,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	38 ngx_stream_variable_value_t *v, uintptr_t data);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	39 static ngx_int_t ngx_stream_realip_remote_port_variable(ngx_stream_session_t *s,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	40 ngx_stream_variable_value_t *v, uintptr_t data);
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	41
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	42
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	43 static ngx_command_t ngx_stream_realip_commands[] = {
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	44
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	45 { ngx_string("set_real_ip_from"),
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	46 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	47 ngx_stream_realip_from,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	48 NGX_STREAM_SRV_CONF_OFFSET,
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	49 0,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	50 NULL },
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	51
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	52 ngx_null_command
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	53 };
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	54
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	55
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	56 static ngx_stream_module_t ngx_stream_realip_module_ctx = {
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	57 ngx_stream_realip_add_variables, /* preconfiguration */
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	58 ngx_stream_realip_init, /* postconfiguration */
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	59
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	60 NULL, /* create main configuration */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	61 NULL, /* init main configuration */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	62
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	63 ngx_stream_realip_create_srv_conf, /* create server configuration */
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	64 ngx_stream_realip_merge_srv_conf /* merge server configuration */
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	65 };
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	66
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	67
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	68 ngx_module_t ngx_stream_realip_module = {
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	69 NGX_MODULE_V1,
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	70 &ngx_stream_realip_module_ctx, /* module context */
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	71 ngx_stream_realip_commands, /* module directives */
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	72 NGX_STREAM_MODULE, /* module type */
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	73 NULL, /* init master */
681 7e24168b0853 nginx-0.4.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 667 diff changeset	74 NULL, /* init module */
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	75 NULL, /* init process */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	76 NULL, /* init thread */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	77 NULL, /* exit thread */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	78 NULL, /* exit process */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	79 NULL, /* exit master */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	80 NGX_MODULE_V1_PADDING
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	81 };
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	82
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	83
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	84 static ngx_stream_variable_t ngx_stream_realip_vars[] = {
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	85
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	86 { ngx_string("realip_remote_addr"), NULL,
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	87 ngx_stream_realip_remote_addr_variable, 0, 0, 0 },
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	88
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	89 { ngx_string("realip_remote_port"), NULL,
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	90 ngx_stream_realip_remote_port_variable, 0, 0, 0 },
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	91
7077 2a288909abc6 Variables: macros for null variables. Ruslan Ermilov <ru@nginx.com> parents: 6997 diff changeset	92 ngx_stream_null_variable
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	93 };
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	94
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	95
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	96 static ngx_int_t
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	97 ngx_stream_realip_handler(ngx_stream_session_t *s)
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	98 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	99 ngx_addr_t addr;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	100 ngx_connection_t *c;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	101 ngx_stream_realip_srv_conf_t *rscf;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	102
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	103 rscf = ngx_stream_get_module_srv_conf(s, ngx_stream_realip_module);
2176 29d26406e1bd restore connection address on request closure, Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	104
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	105 if (rscf->from == NULL) {
986 68c85f283043 ngx_http_realip_module must return NGX_DECLINED Igor Sysoev <igor@sysoev.ru> parents: 681 diff changeset	106 return NGX_DECLINED;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	107 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	108
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	109 c = s->connection;
5605 3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355). Roman Arutyunyan <arut@nginx.com> parents: 5263 diff changeset	110
7590 06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t. Roman Arutyunyan <arut@nginx.com> parents: 7077 diff changeset	111 if (c->proxy_protocol == NULL) {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	112 return NGX_DECLINED;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	113 }
2257 74d270c8821e real_ip_header supports any header Igor Sysoev <igor@sysoev.ru> parents: 2202 diff changeset	114
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	115 if (ngx_cidr_match(c->sockaddr, rscf->from) != NGX_OK) {
2257 74d270c8821e real_ip_header supports any header Igor Sysoev <igor@sysoev.ru> parents: 2202 diff changeset	116 return NGX_DECLINED;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	117 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	118
7590 06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t. Roman Arutyunyan <arut@nginx.com> parents: 7077 diff changeset	119 if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t. Roman Arutyunyan <arut@nginx.com> parents: 7077 diff changeset	120 c->proxy_protocol->src_addr.len)
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	121 != NGX_OK)
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	122 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	123 return NGX_DECLINED;
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	124 }
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	125
7590 06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t. Roman Arutyunyan <arut@nginx.com> parents: 7077 diff changeset	126 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	127
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	128 return ngx_stream_realip_set_addr(s, &addr);
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	129 }
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	130
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	131
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	132 static ngx_int_t
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	133 ngx_stream_realip_set_addr(ngx_stream_session_t s, ngx_addr_t addr)
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	134 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	135 size_t len;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	136 u_char *p;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	137 u_char text[NGX_SOCKADDR_STRLEN];
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	138 ngx_connection_t *c;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	139 ngx_stream_realip_ctx_t *ctx;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	140
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	141 c = s->connection;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	142
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	143 ctx = ngx_palloc(c->pool, sizeof(ngx_stream_realip_ctx_t));
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	144 if (ctx == NULL) {
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	145 return NGX_ERROR;
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	146 }
2176 29d26406e1bd restore connection address on request closure, Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	147
5263 05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter. Vladimir Homutov <vl@nginx.com> parents: 5084 diff changeset	148 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text,
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter. Vladimir Homutov <vl@nginx.com> parents: 5084 diff changeset	149 NGX_SOCKADDR_STRLEN, 0);
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	150 if (len == 0) {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	151 return NGX_ERROR;
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	152 }
1114 3f354952e91d fix broken values, debug logging, and style fix Igor Sysoev <igor@sysoev.ru> parents: 986 diff changeset	153
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	154 p = ngx_pnalloc(c->pool, len);
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	155 if (p == NULL) {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	156 return NGX_ERROR;
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	157 }
1118 cec2866f29bd a client address must be allocated from a connection pool Igor Sysoev <igor@sysoev.ru> parents: 1114 diff changeset	158
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	159 ngx_memcpy(p, text, len);
2176 29d26406e1bd restore connection address on request closure, Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	160
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	161 ngx_stream_set_ctx(s, ctx, ngx_stream_realip_module);
2176 29d26406e1bd restore connection address on request closure, Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	162
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	163 ctx->sockaddr = c->sockaddr;
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	164 ctx->socklen = c->socklen;
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	165 ctx->addr_text = c->addr_text;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	166
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	167 c->sockaddr = addr->sockaddr;
df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	168 c->socklen = addr->socklen;
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	169 c->addr_text.len = len;
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	170 c->addr_text.data = p;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	171
986 68c85f283043 ngx_http_realip_module must return NGX_DECLINED Igor Sysoev <igor@sysoev.ru> parents: 681 diff changeset	172 return NGX_DECLINED;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	173 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	174
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	175
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	176 static char *
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	177 ngx_stream_realip_from(ngx_conf_t cf, ngx_command_t cmd, void *conf)
2176 29d26406e1bd restore connection address on request closure, Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	178 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	179 ngx_stream_realip_srv_conf_t *rscf = conf;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	180
6997 df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	181 ngx_int_t rc;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	182 ngx_str_t *value;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	183 ngx_url_t u;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	184 ngx_cidr_t c, *cidr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	185 ngx_uint_t i;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	186 struct sockaddr_in *sin;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	187 #if (NGX_HAVE_INET6)
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	188 struct sockaddr_in6 *sin6;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	189 #endif
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	190
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	191 value = cf->args->elts;
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	192
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	193 if (rscf->from == NULL) {
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	194 rscf->from = ngx_array_create(cf->pool, 2,
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	195 sizeof(ngx_cidr_t));
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	196 if (rscf->from == NULL) {
4624 df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	197 return NGX_CONF_ERROR;
df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	198 }
df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	199 }
df93068953c0 realip: chains of trusted proxies and IPv6 support. Ruslan Ermilov <ru@nginx.com> parents: 4562 diff changeset	200
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	201 #if (NGX_HAVE_UNIX_DOMAIN)
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	202
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	203 if (ngx_strcmp(value[1].data, "unix:") == 0) {
6997 df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	204 cidr = ngx_array_push(rscf->from);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	205 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	206 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	207 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	208
6474 2cd019520210 Style. Ruslan Ermilov <ru@nginx.com> parents: 6294 diff changeset	209 cidr->family = AF_UNIX;
2cd019520210 Style. Ruslan Ermilov <ru@nginx.com> parents: 6294 diff changeset	210 return NGX_CONF_OK;
3274 95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	211 }
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	212
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	213 #endif
95b0b0d7843f set_real_ip_from unix: Igor Sysoev <igor@sysoev.ru> parents: 3273 diff changeset	214
6997 df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	215 rc = ngx_ptocidr(&value[1], &c);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	216
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	217 if (rc != NGX_ERROR) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	218 if (rc == NGX_DONE) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	219 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	220 "low address bits of %V are meaningless",
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	221 &value[1]);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	222 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	223
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	224 cidr = ngx_array_push(rscf->from);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	225 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	226 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	227 }
1380 b590a528fd41 ignore meaningless bits in CIDR and warn about them Igor Sysoev <igor@sysoev.ru> parents: 1118 diff changeset	228
6997 df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	229 *cidr = c;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	230
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	231 return NGX_CONF_OK;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	232 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	233
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	234 ngx_memzero(&u, sizeof(ngx_url_t));
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	235 u.host = value[1];
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	236
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	237 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	238 if (u.err) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	239 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	240 "%s in set_real_ip_from \"%V\"",
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	241 u.err, &u.host);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	242 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	243
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	244 return NGX_CONF_ERROR;
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	245 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	246
6997 df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	247 cidr = ngx_array_push_n(rscf->from, u.naddrs);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	248 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	249 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	250 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	251
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	252 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t));
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	253
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	254 for (i = 0; i < u.naddrs; i++) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	255 cidr[i].family = u.addrs[i].sockaddr->sa_family;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	256
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	257 switch (cidr[i].family) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	258
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	259 #if (NGX_HAVE_INET6)
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	260 case AF_INET6:
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	261 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	262 cidr[i].u.in6.addr = sin6->sin6_addr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	263 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	264 break;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	265 #endif
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	266
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	267 default: /* AF_INET */
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	268 sin = (struct sockaddr_in *) u.addrs[i].sockaddr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	269 cidr[i].u.in.addr = sin->sin_addr.s_addr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	270 cidr[i].u.in.mask = 0xffffffff;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	271 break;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180). Ruslan Ermilov <ru@nginx.com> parents: 6693 diff changeset	272 }
1380 b590a528fd41 ignore meaningless bits in CIDR and warn about them Igor Sysoev <igor@sysoev.ru> parents: 1118 diff changeset	273 }
b590a528fd41 ignore meaningless bits in CIDR and warn about them Igor Sysoev <igor@sysoev.ru> parents: 1118 diff changeset	274
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	275 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	276 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	277
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	278
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	279 static void *
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	280 ngx_stream_realip_create_srv_conf(ngx_conf_t *cf)
2257 74d270c8821e real_ip_header supports any header Igor Sysoev <igor@sysoev.ru> parents: 2202 diff changeset	281 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	282 ngx_stream_realip_srv_conf_t *conf;
2257 74d270c8821e real_ip_header supports any header Igor Sysoev <igor@sysoev.ru> parents: 2202 diff changeset	283
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	284 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_realip_srv_conf_t));
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	285 if (conf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2537 diff changeset	286 return NULL;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	287 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	288
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	289 /*
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	290 * set by ngx_pcalloc():
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	291 *
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	292 * conf->from = NULL;
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	293 */
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	294
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	295 return conf;
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	296 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	297
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	298
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	299 static char *
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	300 ngx_stream_realip_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	301 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	302 ngx_stream_realip_srv_conf_t *prev = parent;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	303 ngx_stream_realip_srv_conf_t *conf = child;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	304
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	305 if (conf->from == NULL) {
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	306 conf->from = prev->from;
3305 8017f9bda3f6 fix "set_real_ip_from unix:" inheritance Igor Sysoev <igor@sysoev.ru> parents: 3291 diff changeset	307 }
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance Igor Sysoev <igor@sysoev.ru> parents: 3291 diff changeset	308
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	309 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	310 }
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	311
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	312
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	313 static ngx_int_t
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	314 ngx_stream_realip_add_variables(ngx_conf_t *cf)
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	315 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	316 ngx_stream_variable_t var, v;
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	317
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	318 for (v = ngx_stream_realip_vars; v->name.len; v++) {
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	319 var = ngx_stream_add_variable(cf, &v->name, v->flags);
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	320 if (var == NULL) {
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	321 return NGX_ERROR;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	322 }
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	323
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	324 var->get_handler = v->get_handler;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	325 var->data = v->data;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	326 }
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	327
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	328 return NGX_OK;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	329 }
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	330
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	331
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	332 static ngx_int_t
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	333 ngx_stream_realip_init(ngx_conf_t *cf)
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	334 {
6693 3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	335 ngx_stream_handler_pt *h;
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	336 ngx_stream_core_main_conf_t *cmcf;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	337
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	338 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	339
6693 3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	340 h = ngx_array_push(&cmcf->phases[NGX_STREAM_POST_ACCEPT_PHASE].handlers);
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	341 if (h == NULL) {
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	342 return NGX_ERROR;
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	343 }
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	344
3908156a51fa Stream: phases. Roman Arutyunyan <arut@nginx.com> parents: 6684 diff changeset	345 *h = ngx_stream_realip_handler;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	346
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	347 return NGX_OK;
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	348 }
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	349
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	350
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	351 static ngx_int_t
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	352 ngx_stream_realip_remote_addr_variable(ngx_stream_session_t *s,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	353 ngx_stream_variable_value_t *v, uintptr_t data)
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	354 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	355 ngx_str_t *addr_text;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	356 ngx_stream_realip_ctx_t *ctx;
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	357
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	358 ctx = ngx_stream_get_module_ctx(s, ngx_stream_realip_module);
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	359
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	360 addr_text = ctx ? &ctx->addr_text : &s->connection->addr_text;
6294 cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	361
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	362 v->len = addr_text->len;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	363 v->valid = 1;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	364 v->no_cacheable = 0;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	365 v->not_found = 0;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	366 v->data = addr_text->data;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	367
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	368 return NGX_OK;
cebe43bace93 Realip: the $realip_remote_addr variable. Ruslan Ermilov <ru@nginx.com> parents: 5605 diff changeset	369 }
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	370
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	371
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	372 static ngx_int_t
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	373 ngx_stream_realip_remote_port_variable(ngx_stream_session_t *s,
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	374 ngx_stream_variable_value_t *v, uintptr_t data)
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	375 {
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	376 ngx_uint_t port;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	377 struct sockaddr *sa;
9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	378 ngx_stream_realip_ctx_t *ctx;
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	379
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	380 ctx = ngx_stream_get_module_ctx(s, ngx_stream_realip_module);
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	381
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	382 sa = ctx ? ctx->sockaddr : s->connection->sockaddr;
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	383
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	384 v->len = 0;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	385 v->valid = 1;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	386 v->no_cacheable = 0;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	387 v->not_found = 0;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	388
6684 9cac11efb205 Stream: realip module. Dmitry Volyntsev <xeioex@nginx.com> parents: 6671 diff changeset	389 v->data = ngx_pnalloc(s->connection->pool, sizeof("65535") - 1);
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	390 if (v->data == NULL) {
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	391 return NGX_ERROR;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	392 }
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	393
6593 b3b7e33083ac Introduced ngx_inet_get_port() and ngx_inet_set_port() functions. Roman Arutyunyan <arut@nginx.com> parents: 6565 diff changeset	394 port = ngx_inet_get_port(sa);
6562 b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	395
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	396 if (port > 0 && port < 65536) {
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	397 v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	398 }
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	399
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	400 return NGX_OK;
b13d3a6f0512 Added the $realip_remote_port variable. Dmitry Volyntsev <xeioex@nginx.com> parents: 6474 diff changeset	401 }

Mercurial > hg > nginx

annotate src/stream/ngx_stream_realip_module.c @ 7690:8253424d1aff