Mercurial > hg > nginx
comparison src/core/ngx_proxy_protocol.c @ 7590:06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Now a new structure ngx_proxy_protocol_t holds these fields. This allows
to add more PROXY protocol fields in the future without modifying the
connection structure.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Mon, 21 Oct 2019 18:06:19 +0300 |
| parents | 1fd992589ffe |
| children | 89adf49fe76a |
comparison
equal
deleted
inserted
replaced
| 7589:486d2e0b1b6f | 7590:06b01840bd42 |
|---|---|
| 45 | 45 |
| 46 | 46 |
| 47 u_char * | 47 u_char * |
| 48 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) | 48 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) |
| 49 { | 49 { |
| 50 size_t len; | 50 size_t len; |
| 51 u_char ch, *p, *addr, *port; | 51 u_char ch, *p, *addr, *port; |
| 52 ngx_int_t n; | 52 ngx_int_t n; |
| 53 ngx_proxy_protocol_t *pp; | |
| 53 | 54 |
| 54 static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; | 55 static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; |
| 55 | 56 |
| 56 p = buf; | 57 p = buf; |
| 57 len = last - buf; | 58 len = last - buf; |
| 103 { | 104 { |
| 104 goto invalid; | 105 goto invalid; |
| 105 } | 106 } |
| 106 } | 107 } |
| 107 | 108 |
| 109 pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t)); | |
| 110 if (pp == NULL) { | |
| 111 return NULL; | |
| 112 } | |
| 113 | |
| 108 len = p - addr - 1; | 114 len = p - addr - 1; |
| 109 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); | 115 |
| 110 | 116 pp->src_addr.data = ngx_pnalloc(c->pool, len); |
| 111 if (c->proxy_protocol_addr.data == NULL) { | 117 if (pp->src_addr.data == NULL) { |
| 112 return NULL; | 118 return NULL; |
| 113 } | 119 } |
| 114 | 120 |
| 115 ngx_memcpy(c->proxy_protocol_addr.data, addr, len); | 121 ngx_memcpy(pp->src_addr.data, addr, len); |
| 116 c->proxy_protocol_addr.len = len; | 122 pp->src_addr.len = len; |
| 117 | 123 |
| 118 for ( ;; ) { | 124 for ( ;; ) { |
| 119 if (p == last) { | 125 if (p == last) { |
| 120 goto invalid; | 126 goto invalid; |
| 121 } | 127 } |
| 143 | 149 |
| 144 if (n < 0 || n > 65535) { | 150 if (n < 0 || n > 65535) { |
| 145 goto invalid; | 151 goto invalid; |
| 146 } | 152 } |
| 147 | 153 |
| 148 c->proxy_protocol_port = (in_port_t) n; | 154 pp->src_port = (in_port_t) n; |
| 149 | 155 |
| 150 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, | 156 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
| 151 "PROXY protocol address: %V %d", &c->proxy_protocol_addr, | 157 "PROXY protocol address: %V %d", &pp->src_addr, |
| 152 c->proxy_protocol_port); | 158 pp->src_port); |
| 159 | |
| 160 c->proxy_protocol = pp; | |
| 153 | 161 |
| 154 skip: | 162 skip: |
| 155 | 163 |
| 156 for ( /* void */ ; p < last - 1; p++) { | 164 for ( /* void */ ; p < last - 1; p++) { |
| 157 if (p[0] == CR && p[1] == LF) { | 165 if (p[0] == CR && p[1] == LF) { |
| 218 u_char *end; | 226 u_char *end; |
| 219 size_t len; | 227 size_t len; |
| 220 socklen_t socklen; | 228 socklen_t socklen; |
| 221 ngx_uint_t version, command, family, transport; | 229 ngx_uint_t version, command, family, transport; |
| 222 ngx_sockaddr_t sockaddr; | 230 ngx_sockaddr_t sockaddr; |
| 231 ngx_proxy_protocol_t *pp; | |
| 223 ngx_proxy_protocol_header_t *header; | 232 ngx_proxy_protocol_header_t *header; |
| 224 ngx_proxy_protocol_inet_addrs_t *in; | 233 ngx_proxy_protocol_inet_addrs_t *in; |
| 225 #if (NGX_HAVE_INET6) | 234 #if (NGX_HAVE_INET6) |
| 226 ngx_proxy_protocol_inet6_addrs_t *in6; | 235 ngx_proxy_protocol_inet6_addrs_t *in6; |
| 227 #endif | 236 #endif |
| 264 "PROXY protocol v2 unsupported transport %ui", | 273 "PROXY protocol v2 unsupported transport %ui", |
| 265 transport); | 274 transport); |
| 266 return end; | 275 return end; |
| 267 } | 276 } |
| 268 | 277 |
| 278 pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t)); | |
| 279 if (pp == NULL) { | |
| 280 return NULL; | |
| 281 } | |
| 282 | |
| 269 family = header->family_transport >> 4; | 283 family = header->family_transport >> 4; |
| 270 | 284 |
| 271 switch (family) { | 285 switch (family) { |
| 272 | 286 |
| 273 case NGX_PROXY_PROTOCOL_AF_INET: | 287 case NGX_PROXY_PROTOCOL_AF_INET: |
| 280 | 294 |
| 281 sockaddr.sockaddr_in.sin_family = AF_INET; | 295 sockaddr.sockaddr_in.sin_family = AF_INET; |
| 282 sockaddr.sockaddr_in.sin_port = 0; | 296 sockaddr.sockaddr_in.sin_port = 0; |
| 283 memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); | 297 memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); |
| 284 | 298 |
| 285 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port); | 299 pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port); |
| 286 | 300 |
| 287 socklen = sizeof(struct sockaddr_in); | 301 socklen = sizeof(struct sockaddr_in); |
| 288 | 302 |
| 289 buf += sizeof(ngx_proxy_protocol_inet_addrs_t); | 303 buf += sizeof(ngx_proxy_protocol_inet_addrs_t); |
| 290 | 304 |
| 302 | 316 |
| 303 sockaddr.sockaddr_in6.sin6_family = AF_INET6; | 317 sockaddr.sockaddr_in6.sin6_family = AF_INET6; |
| 304 sockaddr.sockaddr_in6.sin6_port = 0; | 318 sockaddr.sockaddr_in6.sin6_port = 0; |
| 305 memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); | 319 memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); |
| 306 | 320 |
| 307 c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port); | 321 pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port); |
| 308 | 322 |
| 309 socklen = sizeof(struct sockaddr_in6); | 323 socklen = sizeof(struct sockaddr_in6); |
| 310 | 324 |
| 311 buf += sizeof(ngx_proxy_protocol_inet6_addrs_t); | 325 buf += sizeof(ngx_proxy_protocol_inet6_addrs_t); |
| 312 | 326 |
| 319 "PROXY protocol v2 unsupported address family %ui", | 333 "PROXY protocol v2 unsupported address family %ui", |
| 320 family); | 334 family); |
| 321 return end; | 335 return end; |
| 322 } | 336 } |
| 323 | 337 |
| 324 c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); | 338 pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); |
| 325 if (c->proxy_protocol_addr.data == NULL) { | 339 if (pp->src_addr.data == NULL) { |
| 326 return NULL; | 340 return NULL; |
| 327 } | 341 } |
| 328 | 342 |
| 329 c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, | 343 pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, |
| 330 c->proxy_protocol_addr.data, | 344 pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0); |
| 331 NGX_SOCKADDR_STRLEN, 0); | |
| 332 | 345 |
| 333 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, | 346 ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, |
| 334 "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr, | 347 "PROXY protocol v2 address: %V %d", &pp->src_addr, |
| 335 c->proxy_protocol_port); | 348 pp->src_port); |
| 336 | 349 |
| 337 if (buf < end) { | 350 if (buf < end) { |
| 338 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, | 351 ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, |
| 339 "PROXY protocol v2 %z bytes of tlv ignored", end - buf); | 352 "PROXY protocol v2 %z bytes of tlv ignored", end - buf); |
| 340 } | 353 } |
| 341 | 354 |
| 355 c->proxy_protocol = pp; | |
| 356 | |
| 342 return end; | 357 return end; |
| 343 } | 358 } |