Mercurial > hg > nginx
changeset 7594:359b0ea2b067
Limit conn: limit_conn_dry_run directive.
A new directive limit_conn_dry_run allows enabling the dry run mode. In this
mode connections are not rejected, but reject status is logged as usual.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Tue, 19 Nov 2019 11:30:41 +0300 |
| parents | e84fb4991d74 |
| children | 9606d93aa586 |
| files | src/http/modules/ngx_http_limit_conn_module.c src/stream/ngx_stream_limit_conn_module.c |
| diffstat | 2 files changed, 46 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_limit_conn_module.c +++ b/src/http/modules/ngx_http_limit_conn_module.c @@ -40,6 +40,7 @@ typedef struct { ngx_array_t limits; ngx_uint_t log_level; ngx_uint_t status_code; + ngx_flag_t dry_run; } ngx_http_limit_conn_conf_t; @@ -102,6 +103,13 @@ static ngx_command_t ngx_http_limit_con offsetof(ngx_http_limit_conn_conf_t, status_code), &ngx_http_limit_conn_status_bounds }, + { ngx_string("limit_conn_dry_run"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_limit_conn_conf_t, dry_run), + NULL }, + ngx_null_command }; @@ -200,6 +208,11 @@ ngx_http_limit_conn_handler(ngx_http_req if (node == NULL) { ngx_shmtx_unlock(&shpool->mutex); ngx_http_limit_conn_cleanup_all(r->pool); + + if (lccf->dry_run) { + return NGX_DECLINED; + } + return lccf->status_code; } @@ -221,10 +234,16 @@ ngx_http_limit_conn_handler(ngx_http_req ngx_shmtx_unlock(&shpool->mutex); ngx_log_error(lccf->log_level, r->connection->log, 0, - "limiting connections by zone \"%V\"", + "limiting connections%s by zone \"%V\"", + lccf->dry_run ? ", dry run," : "", &limits[i].shm_zone->shm.name); ngx_http_limit_conn_cleanup_all(r->pool); + + if (lccf->dry_run) { + return NGX_DECLINED; + } + return lccf->status_code; } @@ -466,6 +485,7 @@ ngx_http_limit_conn_create_conf(ngx_conf conf->log_level = NGX_CONF_UNSET_UINT; conf->status_code = NGX_CONF_UNSET_UINT; + conf->dry_run = NGX_CONF_UNSET; return conf; } @@ -485,6 +505,8 @@ ngx_http_limit_conn_merge_conf(ngx_conf_ ngx_conf_merge_uint_value(conf->status_code, prev->status_code, NGX_HTTP_SERVICE_UNAVAILABLE); + ngx_conf_merge_value(conf->dry_run, prev->dry_run, 0); + return NGX_CONF_OK; }
--- a/src/stream/ngx_stream_limit_conn_module.c +++ b/src/stream/ngx_stream_limit_conn_module.c @@ -39,6 +39,7 @@ typedef struct { typedef struct { ngx_array_t limits; ngx_uint_t log_level; + ngx_flag_t dry_run; } ngx_stream_limit_conn_conf_t; @@ -89,6 +90,13 @@ static ngx_command_t ngx_stream_limit_c offsetof(ngx_stream_limit_conn_conf_t, log_level), &ngx_stream_limit_conn_log_levels }, + { ngx_string("limit_conn_dry_run"), + NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_STREAM_SRV_CONF_OFFSET, + offsetof(ngx_stream_limit_conn_conf_t, dry_run), + NULL }, + ngx_null_command }; @@ -178,6 +186,11 @@ ngx_stream_limit_conn_handler(ngx_stream if (node == NULL) { ngx_shmtx_unlock(&shpool->mutex); ngx_stream_limit_conn_cleanup_all(s->connection->pool); + + if (lccf->dry_run) { + return NGX_DECLINED; + } + return NGX_STREAM_SERVICE_UNAVAILABLE; } @@ -199,10 +212,16 @@ ngx_stream_limit_conn_handler(ngx_stream ngx_shmtx_unlock(&shpool->mutex); ngx_log_error(lccf->log_level, s->connection->log, 0, - "limiting connections by zone \"%V\"", + "limiting connections%s by zone \"%V\"", + lccf->dry_run ? ", dry run," : "", &limits[i].shm_zone->shm.name); ngx_stream_limit_conn_cleanup_all(s->connection->pool); + + if (lccf->dry_run) { + return NGX_DECLINED; + } + return NGX_STREAM_SERVICE_UNAVAILABLE; } @@ -444,6 +463,7 @@ ngx_stream_limit_conn_create_conf(ngx_co */ conf->log_level = NGX_CONF_UNSET_UINT; + conf->dry_run = NGX_CONF_UNSET; return conf; } @@ -461,6 +481,8 @@ ngx_stream_limit_conn_merge_conf(ngx_con ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR); + ngx_conf_merge_value(conf->dry_run, prev->dry_run, 0); + return NGX_CONF_OK; }