nginx: src/event/ngx_event_accept.c comparison

comparison src/event/ngx_event_accept.c @ 4668:ba2c7463ce18 stable-1.2

Merge of r4614, r4624-r4629, r4631: proxy recursive changes. *) Added IPv6 and UNIX-domain socket support in "debug_connection" directive. *) New function ngx_http_get_forwarded_addr() to look up real client address. On input it takes an original address, string in the X-Forwarded-For format and its length, list of trusted proxies, and a flag indicating to perform the recursive search. On output it returns NGX_OK and the "deepest" valid address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6. Additionally, original address and/or proxy may be specified as AF_UNIX. *) Realip: chains of trusted proxies and IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies, controlled by the "real_ip_recursive" directive (closes #2). It also gets full IPv6 support (closes #44) and canonical value of the $client_addr variable on address change. Example: real_ip_header X-Forwarded-For; set_real_ip_from 127.0.0.0/8; set_real_ip_from ::1; set_real_ip_from unix:; real_ip_recursive on; *) Geo: chains of trusted proxies and partial IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies, controlled by the "proxy_recursive" directive in the "geo" block. It also gets partial IPv6 support: now proxies may be specified with IPv6 addresses. Example: geo $test { ... proxy 127.0.0.1; proxy ::1; proxy_recursive; } There's also a slight change in behavior. When original client address (as specified by the "geo" directive) is one of the trusted proxies, and the value of the X-Forwarded-For request header cannot not be parsed as a valid address, an original client address will be used for lookup. Previously, 255.255.255.255 was used in this case. *) Geoip: trusted proxies support and partial IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies (closes #100), in the same scope as the geo module. Proxies are listed by the "geoip_proxy" directive, recursive search is enabled by the "geoip_proxy_recursive" directive. IPv6 is partially supported: proxies may be specified with IPv6 addresses. Example: geoip_country .../GeoIP.dat; geoip_proxy 127.0.0.1; geoip_proxy ::1; geoip_proxy 10.0.0.0/8; geoip_proxy_recursive on;

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 04 Jun 2012 11:58:12 +0000
parents	25611746fee7
children

comparison

equal deleted inserted replaced

-:d05ab8793a69
+:ba2c7463ce18
 }
 #if (NGX_DEBUG)
 {
-in_addr_t            i;
+struct sockaddr_in   *sin;
-ngx_event_debug_t   *dc;
+ngx_cidr_t           *cidr;
-struct sockaddr_in  *sin;
+ngx_uint_t            i;
+#if (NGX_HAVE_INET6)
-sin = (struct sockaddr_in *) sa;
+struct sockaddr_in6  *sin6;
-dc = ecf->debug_connection.elts;
+ngx_uint_t            n;
+#endif
+cidr = ecf->debug_connection.elts;
 for (i = 0; i < ecf->debug_connection.nelts; i++) {
-if ((sin->sin_addr.s_addr & dc[i].mask) == dc[i].addr) {
+if (cidr[i].family != c->sockaddr->sa_family) {
-log->log_level = NGX_LOG_DEBUG_CONNECTION|NGX_LOG_DEBUG_ALL;
+goto next;
+}
+switch (cidr[i].family) {
+#if (NGX_HAVE_INET6)
+case AF_INET6:
+sin6 = (struct sockaddr_in6 *) c->sockaddr;
+for (n = 0; n < 16; n++) {
+if ((sin6->sin6_addr.s6_addr[n]
+& cidr[i].u.in6.mask.s6_addr[n])
+!= cidr[i].u.in6.addr.s6_addr[n])
+{
+goto next;
+}
+}
 break;
-}
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+case AF_UNIX:
+break;
+#endif
+default: /* AF_INET */
+sin = (struct sockaddr_in *) c->sockaddr;
+if ((sin->sin_addr.s_addr & cidr[i].u.in.mask)
+!= cidr[i].u.in.addr)
+{
+goto next;
+}
+break;
+}
+log->log_level = NGX_LOG_DEBUG_CONNECTION|NGX_LOG_DEBUG_ALL;
+break;
+next:
+continue;
 }
 }
 #endif

Mercurial > hg > nginx

comparison src/event/ngx_event_accept.c @ 4668:ba2c7463ce18 stable-1.2