Mercurial > hg > nginx
comparison src/event/ngx_event.c @ 4668:ba2c7463ce18 stable-1.2
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
*) Added IPv6 and UNIX-domain socket support in "debug_connection"
directive.
*) New function ngx_http_get_forwarded_addr() to look up real client
address.
On input it takes an original address, string in the X-Forwarded-For format
and its length, list of trusted proxies, and a flag indicating to perform
the recursive search. On output it returns NGX_OK and the "deepest" valid
address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6.
Additionally, original address and/or proxy may be specified as AF_UNIX.
*) Realip: chains of trusted proxies and IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "real_ip_recursive"
directive (closes #2). It also gets full IPv6 support (closes #44)
and canonical value of the $client_addr variable on address change.
Example:
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.0/8;
set_real_ip_from ::1;
set_real_ip_from unix:;
real_ip_recursive on;
*) Geo: chains of trusted proxies and partial IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block. It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.
Example:
geo $test {
...
proxy 127.0.0.1;
proxy ::1;
proxy_recursive;
}
There's also a slight change in behavior. When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup. Previously, 255.255.255.255 was
used in this case.
*) Geoip: trusted proxies support and partial IPv6 support.
The module now supports recursive search of client address through the
chain of trusted proxies (closes #100), in the same scope as the geo
module. Proxies are listed by the "geoip_proxy" directive, recursive
search is enabled by the "geoip_proxy_recursive" directive. IPv6 is
partially supported: proxies may be specified with IPv6 addresses.
Example:
geoip_country .../GeoIP.dat;
geoip_proxy 127.0.0.1;
geoip_proxy ::1;
geoip_proxy 10.0.0.0/8;
geoip_proxy_recursive on;
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 04 Jun 2012 11:58:12 +0000 |
| parents | f947296f6b2b |
| children | 4c36e15651f7 |
comparison
equal
deleted
inserted
replaced
| 4667:d05ab8793a69 | 4668:ba2c7463ce18 |
|---|---|
| 1062 #if (NGX_DEBUG) | 1062 #if (NGX_DEBUG) |
| 1063 ngx_event_conf_t *ecf = conf; | 1063 ngx_event_conf_t *ecf = conf; |
| 1064 | 1064 |
| 1065 ngx_int_t rc; | 1065 ngx_int_t rc; |
| 1066 ngx_str_t *value; | 1066 ngx_str_t *value; |
| 1067 ngx_event_debug_t *dc; | |
| 1068 struct hostent *h; | 1067 struct hostent *h; |
| 1069 ngx_cidr_t cidr; | 1068 ngx_cidr_t *cidr; |
| 1070 | 1069 |
| 1071 value = cf->args->elts; | 1070 value = cf->args->elts; |
| 1072 | 1071 |
| 1073 dc = ngx_array_push(&ecf->debug_connection); | 1072 cidr = ngx_array_push(&ecf->debug_connection); |
| 1074 if (dc == NULL) { | 1073 if (cidr == NULL) { |
| 1075 return NGX_CONF_ERROR; | 1074 return NGX_CONF_ERROR; |
| 1076 } | 1075 } |
| 1077 | 1076 |
| 1078 rc = ngx_ptocidr(&value[1], &cidr); | 1077 #if (NGX_HAVE_UNIX_DOMAIN) |
| 1078 | |
| 1079 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
| 1080 cidr->family = AF_UNIX; | |
| 1081 return NGX_CONF_OK; | |
| 1082 } | |
| 1083 | |
| 1084 #endif | |
| 1085 | |
| 1086 rc = ngx_ptocidr(&value[1], cidr); | |
| 1079 | 1087 |
| 1080 if (rc == NGX_DONE) { | 1088 if (rc == NGX_DONE) { |
| 1081 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | 1089 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
| 1082 "low address bits of %V are meaningless", &value[1]); | 1090 "low address bits of %V are meaningless", &value[1]); |
| 1083 rc = NGX_OK; | 1091 return NGX_CONF_OK; |
| 1084 } | 1092 } |
| 1085 | 1093 |
| 1086 if (rc == NGX_OK) { | 1094 if (rc == NGX_OK) { |
| 1087 | |
| 1088 /* AF_INET only */ | |
| 1089 | |
| 1090 if (cidr.family != AF_INET) { | |
| 1091 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 1092 "\"debug_connection\" supports IPv4 only"); | |
| 1093 return NGX_CONF_ERROR; | |
| 1094 } | |
| 1095 | |
| 1096 dc->mask = cidr.u.in.mask; | |
| 1097 dc->addr = cidr.u.in.addr; | |
| 1098 | |
| 1099 return NGX_CONF_OK; | 1095 return NGX_CONF_OK; |
| 1100 } | 1096 } |
| 1101 | 1097 |
| 1102 h = gethostbyname((char *) value[1].data); | 1098 h = gethostbyname((char *) value[1].data); |
| 1103 | 1099 |
| 1105 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 1101 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 1106 "host \"%s\" not found", value[1].data); | 1102 "host \"%s\" not found", value[1].data); |
| 1107 return NGX_CONF_ERROR; | 1103 return NGX_CONF_ERROR; |
| 1108 } | 1104 } |
| 1109 | 1105 |
| 1110 dc->mask = 0xffffffff; | 1106 cidr->family = AF_INET; |
| 1111 dc->addr = *(in_addr_t *)(h->h_addr_list[0]); | 1107 cidr->u.in.mask = 0xffffffff; |
| 1108 cidr->u.in.addr = *(in_addr_t *)(h->h_addr_list[0]); | |
| 1112 | 1109 |
| 1113 #else | 1110 #else |
| 1114 | 1111 |
| 1115 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | 1112 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
| 1116 "\"debug_connection\" is ignored, you need to rebuild " | 1113 "\"debug_connection\" is ignored, you need to rebuild " |
| 1140 ecf->name = (void *) NGX_CONF_UNSET; | 1137 ecf->name = (void *) NGX_CONF_UNSET; |
| 1141 | 1138 |
| 1142 #if (NGX_DEBUG) | 1139 #if (NGX_DEBUG) |
| 1143 | 1140 |
| 1144 if (ngx_array_init(&ecf->debug_connection, cycle->pool, 4, | 1141 if (ngx_array_init(&ecf->debug_connection, cycle->pool, 4, |
| 1145 sizeof(ngx_event_debug_t)) == NGX_ERROR) | 1142 sizeof(ngx_cidr_t)) == NGX_ERROR) |
| 1146 { | 1143 { |
| 1147 return NULL; | 1144 return NULL; |
| 1148 } | 1145 } |
| 1149 | 1146 |
| 1150 #endif | 1147 #endif |