# HG changeset patch # User Roman Arutyunyan # Date 1571670379 -10800 # Node ID 06b01840bd4232e8879f765f4eaed3bd789bd17a # Parent 486d2e0b1b6fd1acdcb6f3eea1b4304ba6fbd341 Core: moved PROXY protocol fields out of ngx_connection_t. Now a new structure ngx_proxy_protocol_t holds these fields. This allows to add more PROXY protocol fields in the future without modifying the connection structure. diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h --- a/src/core/ngx_connection.h +++ b/src/core/ngx_connection.h @@ -147,8 +147,7 @@ struct ngx_connection_s { socklen_t socklen; ngx_str_t addr_text; - ngx_str_t proxy_protocol_addr; - in_port_t proxy_protocol_port; + ngx_proxy_protocol_t *proxy_protocol; #if (NGX_SSL || NGX_COMPAT) ngx_ssl_connection_t *ssl; diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h --- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -26,6 +26,7 @@ typedef struct ngx_event_aio_s ngx typedef struct ngx_connection_s ngx_connection_t; typedef struct ngx_thread_task_s ngx_thread_task_t; typedef struct ngx_ssl_s ngx_ssl_t; +typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t; typedef struct ngx_ssl_connection_s ngx_ssl_connection_t; typedef struct ngx_udp_connection_s ngx_udp_connection_t; diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c --- a/src/core/ngx_proxy_protocol.c +++ b/src/core/ngx_proxy_protocol.c @@ -47,9 +47,10 @@ static u_char *ngx_proxy_protocol_v2_rea u_char * ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) { - size_t len; - u_char ch, *p, *addr, *port; - ngx_int_t n; + size_t len; + u_char ch, *p, *addr, *port; + ngx_int_t n; + ngx_proxy_protocol_t *pp; static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; @@ -105,15 +106,20 @@ ngx_proxy_protocol_read(ngx_connection_t } } - len = p - addr - 1; - c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len); - - if (c->proxy_protocol_addr.data == NULL) { + pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t)); + if (pp == NULL) { return NULL; } - ngx_memcpy(c->proxy_protocol_addr.data, addr, len); - c->proxy_protocol_addr.len = len; + len = p - addr - 1; + + pp->src_addr.data = ngx_pnalloc(c->pool, len); + if (pp->src_addr.data == NULL) { + return NULL; + } + + ngx_memcpy(pp->src_addr.data, addr, len); + pp->src_addr.len = len; for ( ;; ) { if (p == last) { @@ -145,11 +151,13 @@ ngx_proxy_protocol_read(ngx_connection_t goto invalid; } - c->proxy_protocol_port = (in_port_t) n; + pp->src_port = (in_port_t) n; ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, - "PROXY protocol address: %V %d", &c->proxy_protocol_addr, - c->proxy_protocol_port); + "PROXY protocol address: %V %d", &pp->src_addr, + pp->src_port); + + c->proxy_protocol = pp; skip: @@ -220,6 +228,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio socklen_t socklen; ngx_uint_t version, command, family, transport; ngx_sockaddr_t sockaddr; + ngx_proxy_protocol_t *pp; ngx_proxy_protocol_header_t *header; ngx_proxy_protocol_inet_addrs_t *in; #if (NGX_HAVE_INET6) @@ -266,6 +275,11 @@ ngx_proxy_protocol_v2_read(ngx_connectio return end; } + pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t)); + if (pp == NULL) { + return NULL; + } + family = header->family_transport >> 4; switch (family) { @@ -282,7 +296,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio sockaddr.sockaddr_in.sin_port = 0; memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); - c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port); + pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port); socklen = sizeof(struct sockaddr_in); @@ -304,7 +318,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio sockaddr.sockaddr_in6.sin6_port = 0; memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); - c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port); + pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port); socklen = sizeof(struct sockaddr_in6); @@ -321,23 +335,24 @@ ngx_proxy_protocol_v2_read(ngx_connectio return end; } - c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); - if (c->proxy_protocol_addr.data == NULL) { + pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); + if (pp->src_addr.data == NULL) { return NULL; } - c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, - c->proxy_protocol_addr.data, - NGX_SOCKADDR_STRLEN, 0); + pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, + pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0); ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, - "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr, - c->proxy_protocol_port); + "PROXY protocol v2 address: %V %d", &pp->src_addr, + pp->src_port); if (buf < end) { ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, "PROXY protocol v2 %z bytes of tlv ignored", end - buf); } + c->proxy_protocol = pp; + return end; } diff --git a/src/core/ngx_proxy_protocol.h b/src/core/ngx_proxy_protocol.h --- a/src/core/ngx_proxy_protocol.h +++ b/src/core/ngx_proxy_protocol.h @@ -16,6 +16,12 @@ #define NGX_PROXY_PROTOCOL_MAX_HEADER 107 +struct ngx_proxy_protocol_s { + ngx_str_t src_addr; + in_port_t src_port; +}; + + u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last); u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, diff --git a/src/http/modules/ngx_http_realip_module.c b/src/http/modules/ngx_http_realip_module.c --- a/src/http/modules/ngx_http_realip_module.c +++ b/src/http/modules/ngx_http_realip_module.c @@ -180,12 +180,11 @@ ngx_http_realip_handler(ngx_http_request case NGX_HTTP_REALIP_PROXY: - value = &r->connection->proxy_protocol_addr; - - if (value->len == 0) { + if (r->connection->proxy_protocol == NULL) { return NGX_DECLINED; } + value = &r->connection->proxy_protocol->src_addr; xfwd = NULL; break; @@ -238,7 +237,7 @@ found: != NGX_DECLINED) { if (rlcf->type == NGX_HTTP_REALIP_PROXY) { - ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port); + ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port); } return ngx_http_realip_set_addr(r, &addr); diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -1293,11 +1293,19 @@ static ngx_int_t ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { - v->len = r->connection->proxy_protocol_addr.len; + ngx_proxy_protocol_t *pp; + + pp = r->connection->proxy_protocol; + if (pp == NULL) { + v->not_found = 1; + return NGX_OK; + } + + v->len = pp->src_addr.len; v->valid = 1; v->no_cacheable = 0; v->not_found = 0; - v->data = r->connection->proxy_protocol_addr.data; + v->data = pp->src_addr.data; return NGX_OK; } @@ -1307,7 +1315,14 @@ static ngx_int_t ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { - ngx_uint_t port; + ngx_uint_t port; + ngx_proxy_protocol_t *pp; + + pp = r->connection->proxy_protocol; + if (pp == NULL) { + v->not_found = 1; + return NGX_OK; + } v->len = 0; v->valid = 1; @@ -1319,7 +1334,7 @@ ngx_http_variable_proxy_protocol_port(ng return NGX_ERROR; } - port = r->connection->proxy_protocol_port; + port = pp->src_port; if (port > 0 && port < 65536) { v->len = ngx_sprintf(v->data, "%ui", port) - v->data; diff --git a/src/stream/ngx_stream_realip_module.c b/src/stream/ngx_stream_realip_module.c --- a/src/stream/ngx_stream_realip_module.c +++ b/src/stream/ngx_stream_realip_module.c @@ -108,7 +108,7 @@ ngx_stream_realip_handler(ngx_stream_ses c = s->connection; - if (c->proxy_protocol_addr.len == 0) { + if (c->proxy_protocol == NULL) { return NGX_DECLINED; } @@ -116,14 +116,14 @@ ngx_stream_realip_handler(ngx_stream_ses return NGX_DECLINED; } - if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data, - c->proxy_protocol_addr.len) + if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data, + c->proxy_protocol->src_addr.len) != NGX_OK) { return NGX_DECLINED; } - ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port); + ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port); return ngx_stream_realip_set_addr(s, &addr); } diff --git a/src/stream/ngx_stream_variables.c b/src/stream/ngx_stream_variables.c --- a/src/stream/ngx_stream_variables.c +++ b/src/stream/ngx_stream_variables.c @@ -557,11 +557,19 @@ static ngx_int_t ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data) { - v->len = s->connection->proxy_protocol_addr.len; + ngx_proxy_protocol_t *pp; + + pp = s->connection->proxy_protocol; + if (pp == NULL) { + v->not_found = 1; + return NGX_OK; + } + + v->len = pp->src_addr.len; v->valid = 1; v->no_cacheable = 0; v->not_found = 0; - v->data = s->connection->proxy_protocol_addr.data; + v->data = pp->src_addr.data; return NGX_OK; } @@ -571,7 +579,14 @@ static ngx_int_t ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data) { - ngx_uint_t port; + ngx_uint_t port; + ngx_proxy_protocol_t *pp; + + pp = s->connection->proxy_protocol; + if (pp == NULL) { + v->not_found = 1; + return NGX_OK; + } v->len = 0; v->valid = 1; @@ -583,7 +598,7 @@ ngx_stream_variable_proxy_protocol_port( return NGX_ERROR; } - port = s->connection->proxy_protocol_port; + port = pp->src_port; if (port > 0 && port < 65536) { v->len = ngx_sprintf(v->data, "%ui", port) - v->data;