Mercurial > hg > nginx
comparison src/stream/ngx_stream_realip_module.c @ 6997:df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Mon, 15 May 2017 17:17:01 +0300 |
| parents | 3908156a51fa |
| children | 2a288909abc6 |
comparison
equal
deleted
inserted
replaced
| 6996:72188d1bcab5 | 6997:df1a62c83b1b |
|---|---|
| 176 static char * | 176 static char * |
| 177 ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 177 ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
| 178 { | 178 { |
| 179 ngx_stream_realip_srv_conf_t *rscf = conf; | 179 ngx_stream_realip_srv_conf_t *rscf = conf; |
| 180 | 180 |
| 181 ngx_int_t rc; | 181 ngx_int_t rc; |
| 182 ngx_str_t *value; | 182 ngx_str_t *value; |
| 183 ngx_cidr_t *cidr; | 183 ngx_url_t u; |
| 184 ngx_cidr_t c, *cidr; | |
| 185 ngx_uint_t i; | |
| 186 struct sockaddr_in *sin; | |
| 187 #if (NGX_HAVE_INET6) | |
| 188 struct sockaddr_in6 *sin6; | |
| 189 #endif | |
| 184 | 190 |
| 185 value = cf->args->elts; | 191 value = cf->args->elts; |
| 186 | 192 |
| 187 if (rscf->from == NULL) { | 193 if (rscf->from == NULL) { |
| 188 rscf->from = ngx_array_create(cf->pool, 2, | 194 rscf->from = ngx_array_create(cf->pool, 2, |
| 190 if (rscf->from == NULL) { | 196 if (rscf->from == NULL) { |
| 191 return NGX_CONF_ERROR; | 197 return NGX_CONF_ERROR; |
| 192 } | 198 } |
| 193 } | 199 } |
| 194 | 200 |
| 195 cidr = ngx_array_push(rscf->from); | 201 #if (NGX_HAVE_UNIX_DOMAIN) |
| 202 | |
| 203 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
| 204 cidr = ngx_array_push(rscf->from); | |
| 205 if (cidr == NULL) { | |
| 206 return NGX_CONF_ERROR; | |
| 207 } | |
| 208 | |
| 209 cidr->family = AF_UNIX; | |
| 210 return NGX_CONF_OK; | |
| 211 } | |
| 212 | |
| 213 #endif | |
| 214 | |
| 215 rc = ngx_ptocidr(&value[1], &c); | |
| 216 | |
| 217 if (rc != NGX_ERROR) { | |
| 218 if (rc == NGX_DONE) { | |
| 219 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
| 220 "low address bits of %V are meaningless", | |
| 221 &value[1]); | |
| 222 } | |
| 223 | |
| 224 cidr = ngx_array_push(rscf->from); | |
| 225 if (cidr == NULL) { | |
| 226 return NGX_CONF_ERROR; | |
| 227 } | |
| 228 | |
| 229 *cidr = c; | |
| 230 | |
| 231 return NGX_CONF_OK; | |
| 232 } | |
| 233 | |
| 234 ngx_memzero(&u, sizeof(ngx_url_t)); | |
| 235 u.host = value[1]; | |
| 236 | |
| 237 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { | |
| 238 if (u.err) { | |
| 239 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 240 "%s in set_real_ip_from \"%V\"", | |
| 241 u.err, &u.host); | |
| 242 } | |
| 243 | |
| 244 return NGX_CONF_ERROR; | |
| 245 } | |
| 246 | |
| 247 cidr = ngx_array_push_n(rscf->from, u.naddrs); | |
| 196 if (cidr == NULL) { | 248 if (cidr == NULL) { |
| 197 return NGX_CONF_ERROR; | 249 return NGX_CONF_ERROR; |
| 198 } | 250 } |
| 199 | 251 |
| 200 #if (NGX_HAVE_UNIX_DOMAIN) | 252 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t)); |
| 201 | 253 |
| 202 if (ngx_strcmp(value[1].data, "unix:") == 0) { | 254 for (i = 0; i < u.naddrs; i++) { |
| 203 cidr->family = AF_UNIX; | 255 cidr[i].family = u.addrs[i].sockaddr->sa_family; |
| 204 return NGX_CONF_OK; | 256 |
| 205 } | 257 switch (cidr[i].family) { |
| 206 | 258 |
| 259 #if (NGX_HAVE_INET6) | |
| 260 case AF_INET6: | |
| 261 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr; | |
| 262 cidr[i].u.in6.addr = sin6->sin6_addr; | |
| 263 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16); | |
| 264 break; | |
| 207 #endif | 265 #endif |
| 208 | 266 |
| 209 rc = ngx_ptocidr(&value[1], cidr); | 267 default: /* AF_INET */ |
| 210 | 268 sin = (struct sockaddr_in *) u.addrs[i].sockaddr; |
| 211 if (rc == NGX_ERROR) { | 269 cidr[i].u.in.addr = sin->sin_addr.s_addr; |
| 212 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", | 270 cidr[i].u.in.mask = 0xffffffff; |
| 213 &value[1]); | 271 break; |
| 214 return NGX_CONF_ERROR; | 272 } |
| 215 } | |
| 216 | |
| 217 if (rc == NGX_DONE) { | |
| 218 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
| 219 "low address bits of %V are meaningless", &value[1]); | |
| 220 } | 273 } |
| 221 | 274 |
| 222 return NGX_CONF_OK; | 275 return NGX_CONF_OK; |
| 223 } | 276 } |
| 224 | 277 |