Mercurial > hg > nginx
comparison src/mail/ngx_mail_handler.c @ 7794:12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Activated with the "proxy_protocol" parameter of the "listen" directive.
Obtained information is passed to the auth_http script in Proxy-Protocol-Addr,
Proxy-Protocol-Port, Proxy-Protocol-Server-Addr, and Proxy-Protocol-Server-Port
headers.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 05 Mar 2021 17:16:24 +0300 |
| parents | adee10c7fac8 |
| children | ef4bdbbce57e |
comparison
equal
deleted
inserted
replaced
| 7793:44ebeeceb70e | 7794:12ea1de7d87c |
|---|---|
| 9 #include <ngx_core.h> | 9 #include <ngx_core.h> |
| 10 #include <ngx_event.h> | 10 #include <ngx_event.h> |
| 11 #include <ngx_mail.h> | 11 #include <ngx_mail.h> |
| 12 | 12 |
| 13 | 13 |
| 14 static void ngx_mail_proxy_protocol_handler(ngx_event_t *rev); | |
| 14 static void ngx_mail_init_session_handler(ngx_event_t *rev); | 15 static void ngx_mail_init_session_handler(ngx_event_t *rev); |
| 15 static void ngx_mail_init_session(ngx_connection_t *c); | 16 static void ngx_mail_init_session(ngx_connection_t *c); |
| 16 | 17 |
| 17 #if (NGX_MAIL_SSL) | 18 #if (NGX_MAIL_SSL) |
| 18 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); | 19 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); |
| 166 c->log_error = NGX_ERROR_INFO; | 167 c->log_error = NGX_ERROR_INFO; |
| 167 | 168 |
| 168 rev = c->read; | 169 rev = c->read; |
| 169 rev->handler = ngx_mail_init_session_handler; | 170 rev->handler = ngx_mail_init_session_handler; |
| 170 | 171 |
| 172 if (addr_conf->proxy_protocol) { | |
| 173 c->log->action = "reading PROXY protocol"; | |
| 174 | |
| 175 rev->handler = ngx_mail_proxy_protocol_handler; | |
| 176 | |
| 177 if (!rev->ready) { | |
| 178 ngx_add_timer(rev, cscf->timeout); | |
| 179 | |
| 180 if (ngx_handle_read_event(rev, 0) != NGX_OK) { | |
| 181 ngx_mail_close_connection(c); | |
| 182 } | |
| 183 | |
| 184 return; | |
| 185 } | |
| 186 } | |
| 187 | |
| 171 if (ngx_use_accept_mutex) { | 188 if (ngx_use_accept_mutex) { |
| 172 ngx_post_event(rev, &ngx_posted_events); | 189 ngx_post_event(rev, &ngx_posted_events); |
| 173 return; | 190 return; |
| 174 } | 191 } |
| 175 | 192 |
| 176 rev->handler(rev); | 193 rev->handler(rev); |
| 194 } | |
| 195 | |
| 196 | |
| 197 static void | |
| 198 ngx_mail_proxy_protocol_handler(ngx_event_t *rev) | |
| 199 { | |
| 200 u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; | |
| 201 size_t size; | |
| 202 ssize_t n; | |
| 203 ngx_err_t err; | |
| 204 ngx_connection_t *c; | |
| 205 ngx_mail_session_t *s; | |
| 206 ngx_mail_core_srv_conf_t *cscf; | |
| 207 | |
| 208 c = rev->data; | |
| 209 s = c->data; | |
| 210 | |
| 211 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
| 212 "mail PROXY protocol handler"); | |
| 213 | |
| 214 if (rev->timedout) { | |
| 215 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
| 216 c->timedout = 1; | |
| 217 ngx_mail_close_connection(c); | |
| 218 return; | |
| 219 } | |
| 220 | |
| 221 n = recv(c->fd, (char *) buf, sizeof(buf), MSG_PEEK); | |
| 222 | |
| 223 err = ngx_socket_errno; | |
| 224 | |
| 225 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "recv(): %z", n); | |
| 226 | |
| 227 if (n == -1) { | |
| 228 if (err == NGX_EAGAIN) { | |
| 229 rev->ready = 0; | |
| 230 | |
| 231 if (!rev->timer_set) { | |
| 232 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
| 233 ngx_add_timer(rev, cscf->timeout); | |
| 234 } | |
| 235 | |
| 236 if (ngx_handle_read_event(rev, 0) != NGX_OK) { | |
| 237 ngx_mail_close_connection(c); | |
| 238 } | |
| 239 | |
| 240 return; | |
| 241 } | |
| 242 | |
| 243 ngx_connection_error(c, err, "recv() failed"); | |
| 244 | |
| 245 ngx_mail_close_connection(c); | |
| 246 return; | |
| 247 } | |
| 248 | |
| 249 p = ngx_proxy_protocol_read(c, buf, buf + n); | |
| 250 | |
| 251 if (p == NULL) { | |
| 252 ngx_mail_close_connection(c); | |
| 253 return; | |
| 254 } | |
| 255 | |
| 256 size = p - buf; | |
| 257 | |
| 258 if (c->recv(c, buf, size) != (ssize_t) size) { | |
| 259 ngx_mail_close_connection(c); | |
| 260 return; | |
| 261 } | |
| 262 | |
| 263 ngx_mail_init_session_handler(rev); | |
| 177 } | 264 } |
| 178 | 265 |
| 179 | 266 |
| 180 static void | 267 static void |
| 181 ngx_mail_init_session_handler(ngx_event_t *rev) | 268 ngx_mail_init_session_handler(ngx_event_t *rev) |
| 240 | 327 |
| 241 if (ngx_ssl_handshake(c) == NGX_AGAIN) { | 328 if (ngx_ssl_handshake(c) == NGX_AGAIN) { |
| 242 | 329 |
| 243 s = c->data; | 330 s = c->data; |
| 244 | 331 |
| 245 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | 332 if (!c->read->timer_set) { |
| 246 | 333 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| 247 ngx_add_timer(c->read, cscf->timeout); | 334 ngx_add_timer(c->read, cscf->timeout); |
| 335 } | |
| 248 | 336 |
| 249 c->ssl->handler = ngx_mail_ssl_handshake_handler; | 337 c->ssl->handler = ngx_mail_ssl_handshake_handler; |
| 250 | 338 |
| 251 return; | 339 return; |
| 252 } | 340 } |