Mercurial > hg > nginx
annotate src/core/ngx_proxy_protocol.c @ 7360:8f25a44d9add
SSL: logging level of "no suitable key share".
The "no suitable key share" errors are reported by OpenSSL 1.1.1 when
using TLSv1.3 if there are no shared groups (that is, elliptic curves).
In particular, it is easy enough to trigger by using only a single
curve in ssl_ecdh_curve:
ssl_ecdh_curve secp384r1;
and using a different curve in the client:
openssl s_client -connect 127.0.0.1:443 -curves prime256v1
On the client side it is seen as "sslv3 alert handshake failure",
"SSL alert number 40":
0:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40
It can be also triggered with default ssl_ecdh_curve by using a curve
which is not in the default list (X25519, prime256v1, X448, secp521r1,
secp384r1):
openssl s_client -connect 127.0.0.1:8443 -curves brainpoolP512r1
Given that many clients hardcode prime256v1, these errors might become
a common problem with TLSv1.3 if ssl_ecdh_curve is redefined. Previously
this resulted in not using ECDH with such clients, but with TLSv1.3 it
is no longer possible and will result in a handshake failure.
The SSL_R_NO_SHARED_GROUP error is what BoringSSL returns in the same
situation.
Seen at:
https://serverfault.com/questions/932102/nginx-ssl-handshake-error-no-suitable-key-share
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 25 Sep 2018 13:59:53 +0300 |
| parents | 1fd992589ffe |
| children | 06b01840bd42 |
| rev | line source |
|---|---|
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
12 #define NGX_PROXY_PROTOCOL_AF_INET 1 |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
13 #define NGX_PROXY_PROTOCOL_AF_INET6 2 |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
14 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
15 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
16 #define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1]) |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
17 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
18 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
19 typedef struct { |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
20 u_char signature[12]; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
21 u_char version_command; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
22 u_char family_transport; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
23 u_char len[2]; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
24 } ngx_proxy_protocol_header_t; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
25 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
26 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
27 typedef struct { |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
28 u_char src_addr[4]; |
|
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
29 u_char dst_addr[4]; |
|
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
30 u_char src_port[2]; |
|
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
31 u_char dst_port[2]; |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
32 } ngx_proxy_protocol_inet_addrs_t; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
33 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
34 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
35 typedef struct { |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
36 u_char src_addr[16]; |
|
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
37 u_char dst_addr[16]; |
|
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
38 u_char src_port[2]; |
|
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
39 u_char dst_port[2]; |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
40 } ngx_proxy_protocol_inet6_addrs_t; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
41 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
42 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
43 static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
44 u_char *last); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
45 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
46 |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
47 u_char * |
|
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
48 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
49 { |
|
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
50 size_t len; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
51 u_char ch, *p, *addr, *port; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
52 ngx_int_t n; |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
53 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
54 static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
55 |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
56 p = buf; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
57 len = last - buf; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
58 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
59 if (len >= sizeof(ngx_proxy_protocol_header_t) |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
60 && memcmp(p, signature, sizeof(signature) - 1) == 0) |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
61 { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
62 return ngx_proxy_protocol_v2_read(c, buf, last); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
63 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
64 |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
65 if (len < 8 || ngx_strncmp(p, "PROXY ", 6) != 0) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
66 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
67 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
68 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
69 p += 6; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
70 len -= 6; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
71 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
72 if (len >= 7 && ngx_strncmp(p, "UNKNOWN", 7) == 0) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
73 ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
74 "PROXY protocol unknown protocol"); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
75 p += 7; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
76 goto skip; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
77 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
78 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
79 if (len < 5 || ngx_strncmp(p, "TCP", 3) != 0 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
80 || (p[3] != '4' && p[3] != '6') || p[4] != ' ') |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
81 { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
82 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
83 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
84 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
85 p += 5; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
86 addr = p; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
87 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
88 for ( ;; ) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
89 if (p == last) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
90 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
91 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
92 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
93 ch = *p++; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
94 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
95 if (ch == ' ') { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
96 break; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
97 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
98 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
99 if (ch != ':' && ch != '.' |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
100 && (ch < 'a' || ch > 'f') |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
101 && (ch < 'A' || ch > 'F') |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
102 && (ch < '0' || ch > '9')) |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
103 { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
104 goto invalid; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
105 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
106 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
107 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
108 len = p - addr - 1; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
109 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
110 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
111 if (c->proxy_protocol_addr.data == NULL) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
112 return NULL; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
113 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
114 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
115 ngx_memcpy(c->proxy_protocol_addr.data, addr, len); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
116 c->proxy_protocol_addr.len = len; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
117 |
|
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
118 for ( ;; ) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
119 if (p == last) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
120 goto invalid; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
121 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
122 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
123 if (*p++ == ' ') { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
124 break; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
125 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
126 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
127 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
128 port = p; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
129 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
130 for ( ;; ) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
131 if (p == last) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
132 goto invalid; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
133 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
134 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
135 if (*p++ == ' ') { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
136 break; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
137 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
138 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
139 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
140 len = p - port - 1; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
141 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
142 n = ngx_atoi(port, len); |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
143 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
144 if (n < 0 || n > 65535) { |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
145 goto invalid; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
146 } |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
147 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
148 c->proxy_protocol_port = (in_port_t) n; |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
149 |
|
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
150 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
| 7252 | 151 "PROXY protocol address: %V %d", &c->proxy_protocol_addr, |
| 152 c->proxy_protocol_port); | |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
153 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
154 skip: |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
155 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
156 for ( /* void */ ; p < last - 1; p++) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
157 if (p[0] == CR && p[1] == LF) { |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
158 return p + 2; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
159 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
160 } |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
161 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
162 invalid: |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
163 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
164 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
165 "broken header: \"%*s\"", (size_t) (last - buf), buf); |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
166 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
167 return NULL; |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
168 } |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
169 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
170 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
171 u_char * |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
172 ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last) |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
173 { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
174 ngx_uint_t port, lport; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
175 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
176 if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
177 return NULL; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
178 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
179 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
180 if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
181 return NULL; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
182 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
183 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
184 switch (c->sockaddr->sa_family) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
185 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
186 case AF_INET: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
187 buf = ngx_cpymem(buf, "PROXY TCP4 ", sizeof("PROXY TCP4 ") - 1); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
188 break; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
189 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
190 #if (NGX_HAVE_INET6) |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
191 case AF_INET6: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
192 buf = ngx_cpymem(buf, "PROXY TCP6 ", sizeof("PROXY TCP6 ") - 1); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
193 break; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
194 #endif |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
195 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
196 default: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
197 return ngx_cpymem(buf, "PROXY UNKNOWN" CRLF, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
198 sizeof("PROXY UNKNOWN" CRLF) - 1); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
199 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
200 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
201 buf += ngx_sock_ntop(c->sockaddr, c->socklen, buf, last - buf, 0); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
202 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
203 *buf++ = ' '; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
204 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
205 buf += ngx_sock_ntop(c->local_sockaddr, c->local_socklen, buf, last - buf, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
206 0); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
207 |
|
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
208 port = ngx_inet_get_port(c->sockaddr); |
|
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
209 lport = ngx_inet_get_port(c->local_sockaddr); |
|
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
210 |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
211 return ngx_slprintf(buf, last, " %ui %ui" CRLF, port, lport); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
212 } |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
213 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
214 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
215 static u_char * |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
216 ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
217 { |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
218 u_char *end; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
219 size_t len; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
220 socklen_t socklen; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
221 ngx_uint_t version, command, family, transport; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
222 ngx_sockaddr_t sockaddr; |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
223 ngx_proxy_protocol_header_t *header; |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
224 ngx_proxy_protocol_inet_addrs_t *in; |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
225 #if (NGX_HAVE_INET6) |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
226 ngx_proxy_protocol_inet6_addrs_t *in6; |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
227 #endif |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
228 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
229 header = (ngx_proxy_protocol_header_t *) buf; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
230 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
231 buf += sizeof(ngx_proxy_protocol_header_t); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
232 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
233 version = header->version_command >> 4; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
234 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
235 if (version != 2) { |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
236 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
237 "unknown PROXY protocol version: %ui", version); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
238 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
239 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
240 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
241 len = ngx_proxy_protocol_parse_uint16(header->len); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
242 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
243 if ((size_t) (last - buf) < len) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
244 ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large"); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
245 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
246 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
247 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
248 end = buf + len; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
249 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
250 command = header->version_command & 0x0f; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
251 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
252 /* only PROXY is supported */ |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
253 if (command != 1) { |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
254 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
255 "PROXY protocol v2 unsupported command %ui", command); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
256 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
257 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
258 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
259 transport = header->family_transport & 0x0f; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
260 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
261 /* only STREAM is supported */ |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
262 if (transport != 1) { |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
263 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
264 "PROXY protocol v2 unsupported transport %ui", |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
265 transport); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
266 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
267 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
268 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
269 family = header->family_transport >> 4; |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
270 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
271 switch (family) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
272 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
273 case NGX_PROXY_PROTOCOL_AF_INET: |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
274 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
275 if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet_addrs_t)) { |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
276 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
277 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
278 |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
279 in = (ngx_proxy_protocol_inet_addrs_t *) buf; |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
280 |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
281 sockaddr.sockaddr_in.sin_family = AF_INET; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
282 sockaddr.sockaddr_in.sin_port = 0; |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
283 memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
284 |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
285 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
286 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
287 socklen = sizeof(struct sockaddr_in); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
288 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
289 buf += sizeof(ngx_proxy_protocol_inet_addrs_t); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
290 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
291 break; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
292 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
293 #if (NGX_HAVE_INET6) |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
294 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
295 case NGX_PROXY_PROTOCOL_AF_INET6: |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
296 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
297 if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet6_addrs_t)) { |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
298 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
299 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
300 |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
301 in6 = (ngx_proxy_protocol_inet6_addrs_t *) buf; |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
302 |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
303 sockaddr.sockaddr_in6.sin6_family = AF_INET6; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
304 sockaddr.sockaddr_in6.sin6_port = 0; |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
305 memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
306 |
|
7254
1fd992589ffe
Core: fixed build, broken by 63e91f263a49.
Vladimir Homutov <vl@nginx.com>
parents:
7253
diff
changeset
|
307 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
308 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
309 socklen = sizeof(struct sockaddr_in6); |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
310 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
311 buf += sizeof(ngx_proxy_protocol_inet6_addrs_t); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
312 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
313 break; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
314 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
315 #endif |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
316 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
317 default: |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
318 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
319 "PROXY protocol v2 unsupported address family %ui", |
| 7252 | 320 family); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
321 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
322 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
323 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
324 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
325 if (c->proxy_protocol_addr.data == NULL) { |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
326 return NULL; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
327 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
328 |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
329 c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
330 c->proxy_protocol_addr.data, |
|
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
331 NGX_SOCKADDR_STRLEN, 0); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
332 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
333 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
334 "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr, |
| 7252 | 335 c->proxy_protocol_port); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
336 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
337 if (buf < end) { |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
338 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
|
7253
63e91f263a49
Core: revised the PROXY protocol v2 code.
Ruslan Ermilov <ru@nginx.com>
parents:
7252
diff
changeset
|
339 "PROXY protocol v2 %z bytes of tlv ignored", end - buf); |
|
7251
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
340 } |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
341 |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
342 return end; |
|
416953ef0428
Core: added processing of version 2 of the PROXY protocol.
Vladimir Homutov <vl@nginx.com>
parents:
6593
diff
changeset
|
343 } |