Mercurial > hg > nginx

annotate src/mail/ngx_mail_realip_module.c @ 9299:2706b60dc225 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Core: error logging rate limiting. With this change, error logging to files can be rate-limited with the "rate=" parameter. The parameter specifies allowed log messages rate to a particular file (per worker), in messages per second (m/s). By default, "rate=1000m/s" is used. Rate limiting is implemented using the "leaky bucket" method, similarly to the limit_req module. Maximum burst size is set to the number of log messages per second for each severity level, so "error" messages are logged even if the rate limit is hit by "info" messages (but not vice versa). When the limit is reached for a particular level, the "too many log messages, limiting" message is logged at this level. If debug logging is enabled, either for the particular log file or for the particular connection, rate limiting is not used.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 25 Jun 2024 22:58:56 +0300
parents ef4bdbbce57e
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 /*
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 3305
diff changeset
4 * Copyright (C) Nginx, Inc.
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_config.h>
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_core.h>
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
10 #include <ngx_mail.h>
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
11
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
12
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
13 typedef struct {
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
14 ngx_array_t *from; /* array of ngx_cidr_t */
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
15 } ngx_mail_realip_srv_conf_t;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
16
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
17
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
18 static ngx_int_t ngx_mail_realip_set_addr(ngx_mail_session_t *s,
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
19 ngx_addr_t *addr);
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
20 static char *ngx_mail_realip_from(ngx_conf_t *cf, ngx_command_t *cmd,
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
21 void *conf);
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
22 static void *ngx_mail_realip_create_srv_conf(ngx_conf_t *cf);
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
23 static char *ngx_mail_realip_merge_srv_conf(ngx_conf_t *cf, void *parent,
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
24 void *child);
6294
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
25
cebe43bace93 Realip: the $realip_remote_addr variable.
Ruslan Ermilov <ru@nginx.com>
parents: 5605
diff changeset
26
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
27 static ngx_command_t ngx_mail_realip_commands[] = {
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
28
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
29 { ngx_string("set_real_ip_from"),
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
30 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
31 ngx_mail_realip_from,
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
32 NGX_MAIL_SRV_CONF_OFFSET,
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
33 0,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
34 NULL },
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
35
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
36 ngx_null_command
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
37 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
38
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
39
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
40 static ngx_mail_module_t ngx_mail_realip_module_ctx = {
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
41 NULL, /* protocol */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
42
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
43 NULL, /* create main configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
44 NULL, /* init main configuration */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
45
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
46 ngx_mail_realip_create_srv_conf, /* create server configuration */
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
47 ngx_mail_realip_merge_srv_conf /* merge server configuration */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
48 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
49
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
50
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
51 ngx_module_t ngx_mail_realip_module = {
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
52 NGX_MODULE_V1,
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
53 &ngx_mail_realip_module_ctx, /* module context */
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
54 ngx_mail_realip_commands, /* module directives */
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
55 NGX_MAIL_MODULE, /* module type */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
56 NULL, /* init master */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
57 NULL, /* init module */
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
58 NULL, /* init process */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
59 NULL, /* init thread */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
60 NULL, /* exit thread */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
61 NULL, /* exit process */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
62 NULL, /* exit master */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
63 NGX_MODULE_V1_PADDING
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
64 };
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
65
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
66
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
67 ngx_int_t
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
68 ngx_mail_realip_handler(ngx_mail_session_t *s)
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
69 {
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
70 ngx_addr_t addr;
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
71 ngx_connection_t *c;
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
72 ngx_mail_realip_srv_conf_t *rscf;
6562
b13d3a6f0512 Added the $realip_remote_port variable.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6474
diff changeset
73
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
74 rscf = ngx_mail_get_module_srv_conf(s, ngx_mail_realip_module);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
75
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
76 if (rscf->from == NULL) {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
77 return NGX_OK;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
78 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
79
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
80 c = s->connection;
5605
3a72b1805c52 Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents: 5263
diff changeset
81
7590
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
82 if (c->proxy_protocol == NULL) {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
83 return NGX_OK;
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
84 }
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
85
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
86 if (ngx_cidr_match(c->sockaddr, rscf->from) != NGX_OK) {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
87 return NGX_OK;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
88 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
89
7590
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
90 if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
91 c->proxy_protocol->src_addr.len)
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
92 != NGX_OK)
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
93 {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
94 return NGX_OK;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
95 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
96
7590
06b01840bd42 Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents: 7077
diff changeset
97 ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
98
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
99 return ngx_mail_realip_set_addr(s, &addr);
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
100 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
101
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
102
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
103 static ngx_int_t
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
104 ngx_mail_realip_set_addr(ngx_mail_session_t *s, ngx_addr_t *addr)
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
105 {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
106 size_t len;
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
107 u_char *p;
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
108 u_char text[NGX_SOCKADDR_STRLEN];
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
109 ngx_connection_t *c;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
110
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
111 c = s->connection;
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
112
5263
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents: 5084
diff changeset
113 len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text,
05ba5bce31e0 Core: extended ngx_sock_ntop() with socklen parameter.
Vladimir Homutov <vl@nginx.com>
parents: 5084
diff changeset
114 NGX_SOCKADDR_STRLEN, 0);
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
115 if (len == 0) {
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
116 return NGX_ERROR;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
117 }
1114
3f354952e91d fix broken values, debug logging, and style fix
Igor Sysoev <igor@sysoev.ru>
parents: 986
diff changeset
118
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
119 p = ngx_pnalloc(c->pool, len);
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
120 if (p == NULL) {
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
121 return NGX_ERROR;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
122 }
1118
cec2866f29bd a client address must be allocated from a connection pool
Igor Sysoev <igor@sysoev.ru>
parents: 1114
diff changeset
123
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
124 ngx_memcpy(p, text, len);
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
125
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
126 c->sockaddr = addr->sockaddr;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
127 c->socklen = addr->socklen;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
128 c->addr_text.len = len;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
129 c->addr_text.data = p;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
130
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
131 return NGX_OK;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
132 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
133
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
134
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
135 static char *
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
136 ngx_mail_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
2176
29d26406e1bd restore connection address on request closure,
Igor Sysoev <igor@sysoev.ru>
parents: 2049
diff changeset
137 {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
138 ngx_mail_realip_srv_conf_t *rscf = conf;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
139
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
140 ngx_int_t rc;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
141 ngx_str_t *value;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
142 ngx_url_t u;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
143 ngx_cidr_t c, *cidr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
144 ngx_uint_t i;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
145 struct sockaddr_in *sin;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
146 #if (NGX_HAVE_INET6)
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
147 struct sockaddr_in6 *sin6;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
148 #endif
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
149
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
150 value = cf->args->elts;
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
151
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
152 if (rscf->from == NULL) {
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
153 rscf->from = ngx_array_create(cf->pool, 2,
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
154 sizeof(ngx_cidr_t));
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
155 if (rscf->from == NULL) {
4624
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
156 return NGX_CONF_ERROR;
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
157 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
158 }
df93068953c0 realip: chains of trusted proxies and IPv6 support.
Ruslan Ermilov <ru@nginx.com>
parents: 4562
diff changeset
159
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
160 #if (NGX_HAVE_UNIX_DOMAIN)
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
161
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
162 if (ngx_strcmp(value[1].data, "unix:") == 0) {
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
163 cidr = ngx_array_push(rscf->from);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
164 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
165 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
166 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
167
6474
Ruslan Ermilov <ru@nginx.com>
parents: 6294
diff changeset
168 cidr->family = AF_UNIX;
Ruslan Ermilov <ru@nginx.com>
parents: 6294
diff changeset
169 return NGX_CONF_OK;
3274
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
170 }
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
171
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
172 #endif
95b0b0d7843f set_real_ip_from unix:
Igor Sysoev <igor@sysoev.ru>
parents: 3273
diff changeset
173
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
174 rc = ngx_ptocidr(&value[1], &c);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
175
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
176 if (rc != NGX_ERROR) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
177 if (rc == NGX_DONE) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
178 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
179 "low address bits of %V are meaningless",
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
180 &value[1]);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
181 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
182
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
183 cidr = ngx_array_push(rscf->from);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
184 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
185 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
186 }
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
187
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
188 *cidr = c;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
189
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
190 return NGX_CONF_OK;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
191 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
192
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
193 ngx_memzero(&u, sizeof(ngx_url_t));
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
194 u.host = value[1];
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
195
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
196 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
197 if (u.err) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
198 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
199 "%s in set_real_ip_from \"%V\"",
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
200 u.err, &u.host);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
201 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
202
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
203 return NGX_CONF_ERROR;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
204 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
205
6997
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
206 cidr = ngx_array_push_n(rscf->from, u.naddrs);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
207 if (cidr == NULL) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
208 return NGX_CONF_ERROR;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
209 }
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
210
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
211 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t));
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
212
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
213 for (i = 0; i < u.naddrs; i++) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
214 cidr[i].family = u.addrs[i].sockaddr->sa_family;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
215
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
216 switch (cidr[i].family) {
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
217
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
218 #if (NGX_HAVE_INET6)
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
219 case AF_INET6:
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
220 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
221 cidr[i].u.in6.addr = sin6->sin6_addr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
222 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16);
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
223 break;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
224 #endif
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
225
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
226 default: /* AF_INET */
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
227 sin = (struct sockaddr_in *) u.addrs[i].sockaddr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
228 cidr[i].u.in.addr = sin->sin_addr.s_addr;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
229 cidr[i].u.in.mask = 0xffffffff;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
230 break;
df1a62c83b1b Realip: allow hostnames in set_real_ip_from (ticket #1180).
Ruslan Ermilov <ru@nginx.com>
parents: 6693
diff changeset
231 }
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
232 }
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 1118
diff changeset
233
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
234 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
235 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
236
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
237
6684
9cac11efb205 Stream: realip module.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6671
diff changeset
238 static void *
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
239 ngx_mail_realip_create_srv_conf(ngx_conf_t *cf)
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
240 {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
241 ngx_mail_realip_srv_conf_t *conf;
2257
74d270c8821e real_ip_header supports any header
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
242
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
243 conf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_realip_srv_conf_t));
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
244 if (conf == NULL) {
2912
c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents: 2537
diff changeset
245 return NULL;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
246 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
247
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
248 /*
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
249 * set by ngx_pcalloc():
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
250 *
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
251 * conf->from = NULL;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
252 */
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
253
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
254 return conf;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
255 }
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
256
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
257
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
258 static char *
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
259 ngx_mail_realip_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
260 {
7795
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
261 ngx_mail_realip_srv_conf_t *prev = parent;
ef4bdbbce57e Mail: realip module.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7590
diff changeset
262 ngx_mail_realip_srv_conf_t *conf = child;
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
263
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
264 if (conf->from == NULL) {
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
265 conf->from = prev->from;
3305
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents: 3291
diff changeset
266 }
8017f9bda3f6 fix "set_real_ip_from unix:" inheritance
Igor Sysoev <igor@sysoev.ru>
parents: 3291
diff changeset
267
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
268 return NGX_CONF_OK;
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
269 }