Mercurial > hg > nginx
annotate src/core/ngx_proxy_protocol.c @ 6982:ac9b1df5b246
SSL: disabled renegotiation detection in client mode.
CVE-2009-3555 is no longer relevant and mitigated by the renegotiation
info extension (secure renegotiation). On the other hand, unexpected
renegotiation still introduces potential security risks, and hence we do
not allow renegotiation on the server side, as we never request renegotiation.
On the client side the situation is different though. There are backends
which explicitly request renegotiation, and disabled renegotiation
introduces interoperability problems. This change allows renegotiation
on the client side, and fixes interoperability problems as observed with
such backends (ticket #872).
Additionally, with TLSv1.3 the SSL_CB_HANDSHAKE_START flag is currently set
by OpenSSL when receiving a NewSessionTicket message, and was detected by
nginx as a renegotiation attempt. This looks like a bug in OpenSSL, though
this change also allows better interoperability till the problem is fixed.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 18 Apr 2017 16:08:44 +0300 |
parents | b3b7e33083ac |
children | 416953ef0428 |
rev | line source |
---|---|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
12 u_char * |
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
13 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
14 { |
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
15 size_t len; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
16 u_char ch, *p, *addr, *port; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
17 ngx_int_t n; |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
18 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
19 p = buf; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
20 len = last - buf; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
21 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
22 if (len < 8 || ngx_strncmp(p, "PROXY ", 6) != 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
23 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
24 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
25 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
26 p += 6; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
27 len -= 6; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
28 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
29 if (len >= 7 && ngx_strncmp(p, "UNKNOWN", 7) == 0) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
30 ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0, |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
31 "PROXY protocol unknown protocol"); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
32 p += 7; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
33 goto skip; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
34 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
35 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
36 if (len < 5 || ngx_strncmp(p, "TCP", 3) != 0 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
37 || (p[3] != '4' && p[3] != '6') || p[4] != ' ') |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
38 { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
39 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
40 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
41 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
42 p += 5; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
43 addr = p; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
44 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
45 for ( ;; ) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
46 if (p == last) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
47 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
48 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
49 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
50 ch = *p++; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
51 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
52 if (ch == ' ') { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
53 break; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
54 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
55 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
56 if (ch != ':' && ch != '.' |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
57 && (ch < 'a' || ch > 'f') |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
58 && (ch < 'A' || ch > 'F') |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
59 && (ch < '0' || ch > '9')) |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
60 { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
61 goto invalid; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
62 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
63 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
64 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
65 len = p - addr - 1; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
66 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
67 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
68 if (c->proxy_protocol_addr.data == NULL) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
69 return NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
70 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
71 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
72 ngx_memcpy(c->proxy_protocol_addr.data, addr, len); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
73 c->proxy_protocol_addr.len = len; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
74 |
6561
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
75 for ( ;; ) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
76 if (p == last) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
77 goto invalid; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
78 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
79 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
80 if (*p++ == ' ') { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
81 break; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
82 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
83 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
84 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
85 port = p; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
86 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
87 for ( ;; ) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
88 if (p == last) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
89 goto invalid; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
90 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
91 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
92 if (*p++ == ' ') { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
93 break; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
94 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
95 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
96 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
97 len = p - port - 1; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
98 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
99 n = ngx_atoi(port, len); |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
100 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
101 if (n < 0 || n > 65535) { |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
102 goto invalid; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
103 } |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
104 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
105 c->proxy_protocol_port = (in_port_t) n; |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
106 |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
107 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
28c76d9d75b7
Added the $proxy_protocol_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6185
diff
changeset
|
108 "PROXY protocol address: %V %i", &c->proxy_protocol_addr, n); |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
109 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
110 skip: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
111 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
112 for ( /* void */ ; p < last - 1; p++) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
113 if (p[0] == CR && p[1] == LF) { |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
114 return p + 2; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
115 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
116 } |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
117 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
118 invalid: |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
119 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
120 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
121 "broken header: \"%*s\"", (size_t) (last - buf), buf); |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
122 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
123 return NULL; |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
124 } |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
125 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
126 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
127 u_char * |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
128 ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
129 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
130 ngx_uint_t port, lport; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
131 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
132 if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
133 return NULL; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
134 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
135 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
136 if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
137 return NULL; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
138 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
139 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
140 switch (c->sockaddr->sa_family) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
141 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
142 case AF_INET: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
143 buf = ngx_cpymem(buf, "PROXY TCP4 ", sizeof("PROXY TCP4 ") - 1); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
144 break; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
145 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
146 #if (NGX_HAVE_INET6) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
147 case AF_INET6: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
148 buf = ngx_cpymem(buf, "PROXY TCP6 ", sizeof("PROXY TCP6 ") - 1); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
149 break; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
150 #endif |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
151 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
152 default: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
153 return ngx_cpymem(buf, "PROXY UNKNOWN" CRLF, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
154 sizeof("PROXY UNKNOWN" CRLF) - 1); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
155 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
156 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
157 buf += ngx_sock_ntop(c->sockaddr, c->socklen, buf, last - buf, 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
158 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
159 *buf++ = ' '; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
160 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
161 buf += ngx_sock_ntop(c->local_sockaddr, c->local_socklen, buf, last - buf, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
162 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
163 |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
164 port = ngx_inet_get_port(c->sockaddr); |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
165 lport = ngx_inet_get_port(c->local_sockaddr); |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6561
diff
changeset
|
166 |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
167 return ngx_slprintf(buf, last, " %ui %ui" CRLF, port, lport); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
168 } |