nginx: src/stream/ngx_stream_access

annotate src/stream/ngx_stream_access_module.c @ 6749:f88a145b093e stable-1.10

HTTP/2: the "421 Misdirected Request" response (closes #848). Since 4fbef397c753 nginx rejects with the 400 error any attempts of requesting different host over the same connection, if the relevant virtual server requires verification of a client certificate. While requesting hosts other than negotiated isn't something legal in HTTP/1.x, the HTTP/2 specification explicitly permits such requests for connection reuse and has introduced a special response code 421. According to RFC 7540 Section 9.1.2 this code can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI. And the client may retry the request over a different connection. Now this code is used for requests that aren't authorized in current connection. After receiving the 421 response a client will be able to open a new connection, provide the required certificate and retry the request. Unfortunately, not all clients currently are able to handle it well. Notably Chrome just shows an error, while at least the latest version of Firefox retries the request over a new connection.

author	Valentin Bartenev <vbart@nginx.com>
date	Fri, 20 May 2016 18:41:17 +0300
parents	8807a2369b1a
children	2f41d383c9c7

rev	line source
6175 8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Igor Sysoev
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 * Copyright (C) Nginx, Inc.
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5 */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_config.h>
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_core.h>
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10 #include <ngx_stream.h>
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	13 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	14 in_addr_t mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	15 in_addr_t addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	16 ngx_uint_t deny; /* unsigned deny:1; */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	17 } ngx_stream_access_rule_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	18
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	19 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	21 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 struct in6_addr addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 struct in6_addr mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 ngx_uint_t deny; /* unsigned deny:1; */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 } ngx_stream_access_rule6_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	28
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	29 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	31 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32 ngx_uint_t deny; /* unsigned deny:1; */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	33 } ngx_stream_access_rule_un_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	34
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	35 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	36
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	37 typedef struct {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	38 ngx_array_t rules; / array of ngx_stream_access_rule_t */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	39 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	40 ngx_array_t rules6; / array of ngx_stream_access_rule6_t */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	41 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	42 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	43 ngx_array_t rules_un; / array of ngx_stream_access_rule_un_t */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	44 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	45 } ngx_stream_access_srv_conf_t;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	46
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	47
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	48 static ngx_int_t ngx_stream_access_handler(ngx_stream_session_t *s);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	49 static ngx_int_t ngx_stream_access_inet(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	50 ngx_stream_access_srv_conf_t *ascf, in_addr_t addr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	51 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	52 static ngx_int_t ngx_stream_access_inet6(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	53 ngx_stream_access_srv_conf_t ascf, u_char p);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	54 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	55 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	56 static ngx_int_t ngx_stream_access_unix(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	57 ngx_stream_access_srv_conf_t *ascf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	58 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59 static ngx_int_t ngx_stream_access_found(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60 ngx_uint_t deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 static char ngx_stream_access_rule(ngx_conf_t cf, ngx_command_t *cmd,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62 void *conf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	63 static void ngx_stream_access_create_srv_conf(ngx_conf_t cf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	64 static char ngx_stream_access_merge_srv_conf(ngx_conf_t cf,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	65 void parent, void child);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	66 static ngx_int_t ngx_stream_access_init(ngx_conf_t *cf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	68
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69 static ngx_command_t ngx_stream_access_commands[] = {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	71 { ngx_string("allow"),
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	72 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	73 ngx_stream_access_rule,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	74 NGX_STREAM_SRV_CONF_OFFSET,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	75 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	76 NULL },
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	77
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78 { ngx_string("deny"),
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	79 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	80 ngx_stream_access_rule,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	81 NGX_STREAM_SRV_CONF_OFFSET,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	82 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	83 NULL },
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85 ngx_null_command
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 };
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	87
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90 static ngx_stream_module_t ngx_stream_access_module_ctx = {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91 ngx_stream_access_init, /* postconfiguration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93 NULL, /* create main configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	94 NULL, /* init main configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	95
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	96 ngx_stream_access_create_srv_conf, /* create server configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	97 ngx_stream_access_merge_srv_conf /* merge server configuration */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	98 };
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	99
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	100
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	101 ngx_module_t ngx_stream_access_module = {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	102 NGX_MODULE_V1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	103 &ngx_stream_access_module_ctx, /* module context */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	104 ngx_stream_access_commands, /* module directives */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	105 NGX_STREAM_MODULE, /* module type */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	106 NULL, /* init master */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	107 NULL, /* init module */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	108 NULL, /* init process */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109 NULL, /* init thread */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110 NULL, /* exit thread */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 NULL, /* exit process */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	112 NULL, /* exit master */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	113 NGX_MODULE_V1_PADDING
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 };
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	115
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	116
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	117 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	118 ngx_stream_access_handler(ngx_stream_session_t *s)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	119 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	120 struct sockaddr_in *sin;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	121 ngx_stream_access_srv_conf_t *ascf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	122 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	123 u_char *p;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124 in_addr_t addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125 struct sockaddr_in6 *sin6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	126 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	127
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	128 ascf = ngx_stream_get_module_srv_conf(s, ngx_stream_access_module);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	129
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	130 switch (s->connection->sockaddr->sa_family) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	131
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	132 case AF_INET:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	133 if (ascf->rules) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	134 sin = (struct sockaddr_in *) s->connection->sockaddr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	135 return ngx_stream_access_inet(s, ascf, sin->sin_addr.s_addr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	136 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	137 break;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	140
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141 case AF_INET6:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142 sin6 = (struct sockaddr_in6 *) s->connection->sockaddr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	143 p = sin6->sin6_addr.s6_addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	144
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	145 if (ascf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 addr = p[12] << 24;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	147 addr += p[13] << 16;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	148 addr += p[14] << 8;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	149 addr += p[15];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	150 return ngx_stream_access_inet(s, ascf, htonl(addr));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	151 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	152
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	153 if (ascf->rules6) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	154 return ngx_stream_access_inet6(s, ascf, p);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	155 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	156
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	157 break;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	158
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	159 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	161 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	162
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	163 case AF_UNIX:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	164 if (ascf->rules_un) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	165 return ngx_stream_access_unix(s, ascf);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	166 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	167
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	168 break;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	169
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	170 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	171 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	172
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	173 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	174 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	175
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	176
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	177 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	178 ngx_stream_access_inet(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	179 ngx_stream_access_srv_conf_t *ascf, in_addr_t addr)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	180 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	181 ngx_uint_t i;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182 ngx_stream_access_rule_t *rule;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	183
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	184 rule = ascf->rules->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	185 for (i = 0; i < ascf->rules->nelts; i++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	186
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	187 ngx_log_debug3(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	188 "access: %08XD %08XD %08XD",
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	189 addr, rule[i].mask, rule[i].addr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	190
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	191 if ((addr & rule[i].mask) == rule[i].addr) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	192 return ngx_stream_access_found(s, rule[i].deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	193 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	194 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	195
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	196 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	197 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	198
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	199
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	200 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	201
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	202 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	203 ngx_stream_access_inet6(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	204 ngx_stream_access_srv_conf_t ascf, u_char p)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	205 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	206 ngx_uint_t n;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	207 ngx_uint_t i;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	208 ngx_stream_access_rule6_t *rule6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	209
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	210 rule6 = ascf->rules6->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	211 for (i = 0; i < ascf->rules6->nelts; i++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	212
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	213 #if (NGX_DEBUG)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	214 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	215 size_t cl, ml, al;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	216 u_char ct[NGX_INET6_ADDRSTRLEN];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	217 u_char mt[NGX_INET6_ADDRSTRLEN];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	218 u_char at[NGX_INET6_ADDRSTRLEN];
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	219
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220 cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221 ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222 al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	223
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	224 ngx_log_debug6(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	225 "access: %s %s %*s", cl, ct, ml, mt, al, at);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	227 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229 for (n = 0; n < 16; n++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	230 if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	231 goto next;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	232 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	233 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	234
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	235 return ngx_stream_access_found(s, rule6[i].deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	236
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	237 next:
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238 continue;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	239 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	240
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	242 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	243
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	244 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	245
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	248
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	249 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	250 ngx_stream_access_unix(ngx_stream_session_t *s,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	251 ngx_stream_access_srv_conf_t *ascf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	252 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	253 ngx_uint_t i;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	254 ngx_stream_access_rule_un_t *rule_un;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	255
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	256 rule_un = ascf->rules_un->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257 for (i = 0; i < ascf->rules_un->nelts; i++) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259 /* TODO: check path */
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260 if (1) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261 return ngx_stream_access_found(s, rule_un[i].deny);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	262 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	263 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	265 return NGX_DECLINED;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	268 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	269
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	270
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	271 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	272 ngx_stream_access_found(ngx_stream_session_t *s, ngx_uint_t deny)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	273 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	274 if (deny) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276 "access forbidden by rule");
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	277 return NGX_ABORT;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	278 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	279
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280 return NGX_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	282
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284 static char *
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285 ngx_stream_access_rule(ngx_conf_t cf, ngx_command_t cmd, void *conf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	286 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287 ngx_stream_access_srv_conf_t *ascf = conf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289 ngx_int_t rc;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	290 ngx_uint_t all;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	291 ngx_str_t *value;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	292 ngx_cidr_t cidr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	293 ngx_stream_access_rule_t *rule;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	294 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	295 ngx_stream_access_rule6_t *rule6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	296 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	297 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	298 ngx_stream_access_rule_un_t *rule_un;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	299 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	300
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	301 ngx_memzero(&cidr, sizeof(ngx_cidr_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	302
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	303 value = cf->args->elts;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	304
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	305 all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	306
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	307 if (!all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	308
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	309 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	310
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	311 if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	312 cidr.family = AF_UNIX;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	313 rc = NGX_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	314
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	315 } else {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	316 rc = ngx_ptocidr(&value[1], &cidr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	317 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 #else
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 rc = ngx_ptocidr(&value[1], &cidr);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	322
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	323 if (rc == NGX_ERROR) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	324 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	325 "invalid parameter \"%V\"", &value[1]);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	326 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	329 if (rc == NGX_DONE) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331 "low address bits of %V are meaningless", &value[1]);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	332 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	333 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	334
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	335 if (cidr.family == AF_INET \|\| all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 if (ascf->rules == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338 ascf->rules = ngx_array_create(cf->pool, 4,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339 sizeof(ngx_stream_access_rule_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	340 if (ascf->rules == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	341 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	342 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	343 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	344
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	345 rule = ngx_array_push(ascf->rules);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	346 if (rule == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	347 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	348 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	349
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	350 rule->mask = cidr.u.in.mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	351 rule->addr = cidr.u.in.addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	352 rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	353 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	354
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	355 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	356 if (cidr.family == AF_INET6 \|\| all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	357
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	358 if (ascf->rules6 == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	359 ascf->rules6 = ngx_array_create(cf->pool, 4,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	360 sizeof(ngx_stream_access_rule6_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	361 if (ascf->rules6 == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	362 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	365
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	366 rule6 = ngx_array_push(ascf->rules6);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	367 if (rule6 == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	368 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	369 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	370
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	371 rule6->mask = cidr.u.in6.mask;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	372 rule6->addr = cidr.u.in6.addr;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	373 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	374 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	375 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	376
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	377 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	378 if (cidr.family == AF_UNIX \|\| all) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	379
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	380 if (ascf->rules_un == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381 ascf->rules_un = ngx_array_create(cf->pool, 1,
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	382 sizeof(ngx_stream_access_rule_un_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	383 if (ascf->rules_un == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	384 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	387
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	388 rule_un = ngx_array_push(ascf->rules_un);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	389 if (rule_un == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	390 return NGX_CONF_ERROR;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	395 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397 return NGX_CONF_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	398 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	399
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	400
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401 static void *
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	402 ngx_stream_access_create_srv_conf(ngx_conf_t *cf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404 ngx_stream_access_srv_conf_t *conf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	405
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_access_srv_conf_t));
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	407 if (conf == NULL) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408 return NULL;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	411 return conf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	412 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	413
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	414
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	415 static char *
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	416 ngx_stream_access_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	417 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	418 ngx_stream_access_srv_conf_t *prev = parent;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	419 ngx_stream_access_srv_conf_t *conf = child;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	420
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	421 if (conf->rules == NULL
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	422 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	423 && conf->rules6 == NULL
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	424 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	425 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	426 && conf->rules_un == NULL
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	427 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	428 ) {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	429 conf->rules = prev->rules;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	430 #if (NGX_HAVE_INET6)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	431 conf->rules6 = prev->rules6;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	433 #if (NGX_HAVE_UNIX_DOMAIN)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	434 conf->rules_un = prev->rules_un;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	435 #endif
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	436 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	437
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	438 return NGX_CONF_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	439 }
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	440
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	441
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	442 static ngx_int_t
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	443 ngx_stream_access_init(ngx_conf_t *cf)
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	444 {
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	445 ngx_stream_core_main_conf_t *cmcf;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	446
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	447 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	448 cmcf->access_handler = ngx_stream_access_handler;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	449
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	450 return NGX_OK;
8807a2369b1a Stream: access module. Vladimir Homutov <vl@nginx.com> parents: diff changeset	451 }

Mercurial > hg > nginx

annotate src/stream/ngx_stream_access_module.c @ 6749:f88a145b093e stable-1.10