Mercurial > hg > nginx
comparison src/stream/ngx_stream_realip_module.c @ 6997:df1a62c83b1b
Realip: allow hostnames in set_real_ip_from (ticket #1180).
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Mon, 15 May 2017 17:17:01 +0300 |
parents | 3908156a51fa |
children | 2a288909abc6 |
comparison
equal
deleted
inserted
replaced
6996:72188d1bcab5 | 6997:df1a62c83b1b |
---|---|
176 static char * | 176 static char * |
177 ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 177 ngx_stream_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
178 { | 178 { |
179 ngx_stream_realip_srv_conf_t *rscf = conf; | 179 ngx_stream_realip_srv_conf_t *rscf = conf; |
180 | 180 |
181 ngx_int_t rc; | 181 ngx_int_t rc; |
182 ngx_str_t *value; | 182 ngx_str_t *value; |
183 ngx_cidr_t *cidr; | 183 ngx_url_t u; |
184 ngx_cidr_t c, *cidr; | |
185 ngx_uint_t i; | |
186 struct sockaddr_in *sin; | |
187 #if (NGX_HAVE_INET6) | |
188 struct sockaddr_in6 *sin6; | |
189 #endif | |
184 | 190 |
185 value = cf->args->elts; | 191 value = cf->args->elts; |
186 | 192 |
187 if (rscf->from == NULL) { | 193 if (rscf->from == NULL) { |
188 rscf->from = ngx_array_create(cf->pool, 2, | 194 rscf->from = ngx_array_create(cf->pool, 2, |
190 if (rscf->from == NULL) { | 196 if (rscf->from == NULL) { |
191 return NGX_CONF_ERROR; | 197 return NGX_CONF_ERROR; |
192 } | 198 } |
193 } | 199 } |
194 | 200 |
195 cidr = ngx_array_push(rscf->from); | 201 #if (NGX_HAVE_UNIX_DOMAIN) |
202 | |
203 if (ngx_strcmp(value[1].data, "unix:") == 0) { | |
204 cidr = ngx_array_push(rscf->from); | |
205 if (cidr == NULL) { | |
206 return NGX_CONF_ERROR; | |
207 } | |
208 | |
209 cidr->family = AF_UNIX; | |
210 return NGX_CONF_OK; | |
211 } | |
212 | |
213 #endif | |
214 | |
215 rc = ngx_ptocidr(&value[1], &c); | |
216 | |
217 if (rc != NGX_ERROR) { | |
218 if (rc == NGX_DONE) { | |
219 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
220 "low address bits of %V are meaningless", | |
221 &value[1]); | |
222 } | |
223 | |
224 cidr = ngx_array_push(rscf->from); | |
225 if (cidr == NULL) { | |
226 return NGX_CONF_ERROR; | |
227 } | |
228 | |
229 *cidr = c; | |
230 | |
231 return NGX_CONF_OK; | |
232 } | |
233 | |
234 ngx_memzero(&u, sizeof(ngx_url_t)); | |
235 u.host = value[1]; | |
236 | |
237 if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { | |
238 if (u.err) { | |
239 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
240 "%s in set_real_ip_from \"%V\"", | |
241 u.err, &u.host); | |
242 } | |
243 | |
244 return NGX_CONF_ERROR; | |
245 } | |
246 | |
247 cidr = ngx_array_push_n(rscf->from, u.naddrs); | |
196 if (cidr == NULL) { | 248 if (cidr == NULL) { |
197 return NGX_CONF_ERROR; | 249 return NGX_CONF_ERROR; |
198 } | 250 } |
199 | 251 |
200 #if (NGX_HAVE_UNIX_DOMAIN) | 252 ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t)); |
201 | 253 |
202 if (ngx_strcmp(value[1].data, "unix:") == 0) { | 254 for (i = 0; i < u.naddrs; i++) { |
203 cidr->family = AF_UNIX; | 255 cidr[i].family = u.addrs[i].sockaddr->sa_family; |
204 return NGX_CONF_OK; | 256 |
205 } | 257 switch (cidr[i].family) { |
206 | 258 |
259 #if (NGX_HAVE_INET6) | |
260 case AF_INET6: | |
261 sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr; | |
262 cidr[i].u.in6.addr = sin6->sin6_addr; | |
263 ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16); | |
264 break; | |
207 #endif | 265 #endif |
208 | 266 |
209 rc = ngx_ptocidr(&value[1], cidr); | 267 default: /* AF_INET */ |
210 | 268 sin = (struct sockaddr_in *) u.addrs[i].sockaddr; |
211 if (rc == NGX_ERROR) { | 269 cidr[i].u.in.addr = sin->sin_addr.s_addr; |
212 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", | 270 cidr[i].u.in.mask = 0xffffffff; |
213 &value[1]); | 271 break; |
214 return NGX_CONF_ERROR; | 272 } |
215 } | |
216 | |
217 if (rc == NGX_DONE) { | |
218 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
219 "low address bits of %V are meaningless", &value[1]); | |
220 } | 273 } |
221 | 274 |
222 return NGX_CONF_OK; | 275 return NGX_CONF_OK; |
223 } | 276 } |
224 | 277 |