Mercurial > hg > nginx
changeset 2294:ce574b0ffeec
ngx_http_limit_req_module
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Mon, 10 Nov 2008 15:22:33 +0000 |
| parents | 0433bc27e468 |
| children | 173900227c06 |
| files | auto/modules auto/options auto/sources src/http/modules/ngx_http_limit_req_module.c src/http/ngx_http.h src/http/ngx_http_request.c src/http/ngx_http_request.h |
| diffstat | 7 files changed, 504 insertions(+), 204 deletions(-) [+] |
line wrap: on
line diff
--- a/auto/modules +++ b/auto/modules @@ -203,6 +203,11 @@ if [ $HTTP_LIMIT_ZONE = YES ]; then HTTP_SRCS="$HTTP_SRCS $HTTP_LIMIT_ZONE_SRCS" fi +if [ $HTTP_LIMIT_REQ = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_LIMIT_REQ_MODULE" + HTTP_SRCS="$HTTP_SRCS $HTTP_LIMIT_REQ_SRCS" +fi + if [ $HTTP_REALIP = YES ]; then have=NGX_HTTP_REALIP . auto/have HTTP_MODULES="$HTTP_MODULES $HTTP_REALIP_MODULE"
--- a/auto/options +++ b/auto/options @@ -75,6 +75,7 @@ HTTP_FASTCGI=YES HTTP_PERL=NO HTTP_MEMCACHED=YES HTTP_LIMIT_ZONE=YES +HTTP_LIMIT_REQ=YES HTTP_EMPTY_GIF=YES HTTP_BROWSER=YES HTTP_SECURE_LINK=NO @@ -192,6 +193,7 @@ do --without-http_fastcgi_module) HTTP_FASTCGI=NO ;; --without-http_memcached_module) HTTP_MEMCACHED=NO ;; --without-http_limit_zone_module) HTTP_LIMIT_ZONE=NO ;; + --without-http_limit_req_module) HTTP_LIMIT_REQ=NO ;; --without-http_empty_gif_module) HTTP_EMPTY_GIF=NO ;; --without-http_browser_module) HTTP_BROWSER=NO ;; --without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;; @@ -310,6 +312,7 @@ cat << END --without-http_fastcgi_module disable ngx_http_fastcgi_module --without-http_memcached_module disable ngx_http_memcached_module --without-http_limit_zone_module disable ngx_http_limit_zone_module + --without-http_limit_req_module disable ngx_http_limit_req_module --without-http_empty_gif_module disable ngx_http_empty_gif_module --without-http_browser_module disable ngx_http_browser_module --without-http_upstream_ip_hash_module
--- a/auto/sources +++ b/auto/sources @@ -417,6 +417,10 @@ HTTP_LIMIT_ZONE_MODULE=ngx_http_limit_zo HTTP_LIMIT_ZONE_SRCS=src/http/modules/ngx_http_limit_zone_module.c +HTTP_LIMIT_REQ_MODULE=ngx_http_limit_req_module +HTTP_LIMIT_REQ_SRCS=src/http/modules/ngx_http_limit_req_module.c + + HTTP_EMPTY_GIF_MODULE=ngx_http_empty_gif_module HTTP_EMPTY_GIF_SRCS=src/http/modules/ngx_http_empty_gif_module.c
copy from src/http/modules/ngx_http_limit_zone_module.c copy to src/http/modules/ngx_http_limit_req_module.c --- a/src/http/modules/ngx_http_limit_zone_module.c +++ b/src/http/modules/ngx_http_limit_req_module.c @@ -11,55 +11,60 @@ typedef struct { u_char color; - u_char len; - u_short conn; + u_char dummy; + u_short len; + ngx_queue_t queue; + ngx_msec_t last; + float rate; u_char data[1]; -} ngx_http_limit_zone_node_t; - - -typedef struct { - ngx_shm_zone_t *shm_zone; - ngx_rbtree_node_t *node; -} ngx_http_limit_zone_cleanup_t; +} ngx_http_limit_req_node_t; typedef struct { ngx_rbtree_t *rbtree; + ngx_queue_t *queue; + ngx_slab_pool_t *shpool; + float rate; ngx_int_t index; ngx_str_t var; -} ngx_http_limit_zone_ctx_t; +} ngx_http_limit_req_ctx_t; typedef struct { ngx_shm_zone_t *shm_zone; - ngx_uint_t conn; -} ngx_http_limit_zone_conf_t; + float burst; + ngx_msec_t delay; +} ngx_http_limit_req_conf_t; -static void ngx_http_limit_zone_cleanup(void *data); +static void ngx_http_limit_req_delay(ngx_http_request_t *r); +static ngx_int_t ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lzcf, + ngx_uint_t hash, u_char *data, size_t len, ngx_http_limit_req_node_t **lzp); +static void ngx_http_limit_req_expire(ngx_http_limit_req_ctx_t *ctx, + ngx_uint_t n); -static void *ngx_http_limit_zone_create_conf(ngx_conf_t *cf); -static char *ngx_http_limit_zone_merge_conf(ngx_conf_t *cf, void *parent, +static void *ngx_http_limit_req_create_conf(ngx_conf_t *cf); +static char *ngx_http_limit_req_merge_conf(ngx_conf_t *cf, void *parent, void *child); -static char *ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, +static char *ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -static char *ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, +static char *ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -static ngx_int_t ngx_http_limit_zone_init(ngx_conf_t *cf); +static ngx_int_t ngx_http_limit_req_init(ngx_conf_t *cf); -static ngx_command_t ngx_http_limit_zone_commands[] = { +static ngx_command_t ngx_http_limit_req_commands[] = { - { ngx_string("limit_zone"), + { ngx_string("limit_req_zone"), NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE3, - ngx_http_limit_zone, + ngx_http_limit_req_zone, 0, 0, NULL }, - { ngx_string("limit_conn"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2, - ngx_http_limit_conn, + { ngx_string("limit_req"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE123, + ngx_http_limit_req, NGX_HTTP_LOC_CONF_OFFSET, 0, NULL }, @@ -68,9 +73,9 @@ static ngx_command_t ngx_http_limit_zon }; -static ngx_http_module_t ngx_http_limit_zone_module_ctx = { +static ngx_http_module_t ngx_http_limit_req_module_ctx = { NULL, /* preconfiguration */ - ngx_http_limit_zone_init, /* postconfiguration */ + ngx_http_limit_req_init, /* postconfiguration */ NULL, /* create main configuration */ NULL, /* init main configuration */ @@ -78,15 +83,15 @@ static ngx_http_module_t ngx_http_limit NULL, /* create server configuration */ NULL, /* merge server configuration */ - ngx_http_limit_zone_create_conf, /* create location configration */ - ngx_http_limit_zone_merge_conf /* merge location configration */ + ngx_http_limit_req_create_conf, /* create location configration */ + ngx_http_limit_req_merge_conf /* merge location configration */ }; -ngx_module_t ngx_http_limit_zone_module = { +ngx_module_t ngx_http_limit_req_module = { NGX_MODULE_V1, - &ngx_http_limit_zone_module_ctx, /* module context */ - ngx_http_limit_zone_commands, /* module directives */ + &ngx_http_limit_req_module_ctx, /* module context */ + ngx_http_limit_req_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init master */ NULL, /* init module */ @@ -100,25 +105,24 @@ ngx_module_t ngx_http_limit_zone_module static ngx_int_t -ngx_http_limit_zone_handler(ngx_http_request_t *r) +ngx_http_limit_req_handler(ngx_http_request_t *r) { - size_t len, n; - uint32_t hash; - ngx_int_t rc; - ngx_slab_pool_t *shpool; - ngx_rbtree_node_t *node, *sentinel; - ngx_pool_cleanup_t *cln; - ngx_http_variable_value_t *vv; - ngx_http_limit_zone_ctx_t *ctx; - ngx_http_limit_zone_node_t *lz; - ngx_http_limit_zone_conf_t *lzcf; - ngx_http_limit_zone_cleanup_t *lzcln; + float rate; + size_t len, n; + uint32_t hash; + ngx_int_t rc; + ngx_time_t *tp; + ngx_rbtree_node_t *node; + ngx_http_variable_value_t *vv; + ngx_http_limit_req_ctx_t *ctx; + ngx_http_limit_req_node_t *lz; + ngx_http_limit_req_conf_t *lzcf; - if (r->main->limit_zone_set) { + if (r->main->limit_req_set) { return NGX_DECLINED; } - lzcf = ngx_http_get_module_loc_conf(r, ngx_http_limit_zone_module); + lzcf = ngx_http_get_module_loc_conf(r, ngx_http_limit_req_module); if (lzcf->shm_zone == NULL) { return NGX_DECLINED; @@ -138,109 +142,137 @@ ngx_http_limit_zone_handler(ngx_http_req return NGX_DECLINED; } - if (len > 255) { + if (len > 65535) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "the value of the \"%V\" variable " - "is more than 255 bytes: \"%v\"", + "is more than 65535 bytes: \"%v\"", &ctx->var, vv); return NGX_DECLINED; } - r->main->limit_zone_set = 1; + r->main->limit_req_set = 1; hash = ngx_crc32_short(vv->data, len); - cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_limit_zone_cleanup_t)); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; + ngx_shmtx_lock(&ctx->shpool->mutex); + + ngx_http_limit_req_expire(ctx, 1); + + rc = ngx_http_limit_req_lookup(lzcf, hash, vv->data, len, &lz); + + if (lz) { + ngx_queue_remove(&lz->queue); + + ngx_queue_insert_head(ctx->queue, &lz->queue); + + rate = lz->rate; + + } else { + rate = 0.0; } - shpool = (ngx_slab_pool_t *) lzcf->shm_zone->shm.addr; - - ngx_shmtx_lock(&shpool->mutex); - - node = ctx->rbtree->root; - sentinel = ctx->rbtree->sentinel; - - while (node != sentinel) { - - if (hash < node->key) { - node = node->left; - continue; - } - - if (hash > node->key) { - node = node->right; - continue; - } - - /* hash == node->key */ - - do { - lz = (ngx_http_limit_zone_node_t *) &node->color; - - rc = ngx_memn2cmp(vv->data, lz->data, len, (size_t) lz->len); + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "limit_req: %i %.3f", rc, rate); - if (rc == 0) { - if ((ngx_uint_t) lz->conn < lzcf->conn) { - lz->conn++; - goto done; - } - - ngx_shmtx_unlock(&shpool->mutex); - - return NGX_HTTP_SERVICE_UNAVAILABLE; - } - - node = (rc < 0) ? node->left : node->right; + if (rc == NGX_BUSY) { + ngx_shmtx_unlock(&ctx->shpool->mutex); - } while (node != sentinel && hash == node->key); - - break; - } + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "limiting requests, %.3f r/s", rate); - n = offsetof(ngx_rbtree_node_t, color) - + offsetof(ngx_http_limit_zone_node_t, data) - + len; - - node = ngx_slab_alloc_locked(shpool, n); - if (node == NULL) { - ngx_shmtx_unlock(&shpool->mutex); return NGX_HTTP_SERVICE_UNAVAILABLE; } - lz = (ngx_http_limit_zone_node_t *) &node->color; + if (rc == NGX_AGAIN) { + ngx_shmtx_unlock(&ctx->shpool->mutex); + + if (lzcf->delay) { + ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, + "delaying requests, %.3f r/s", rate); + + if (ngx_handle_read_event(r->connection->read, 0) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + r->read_event_handler = ngx_http_test_reading; + r->write_event_handler = ngx_http_limit_req_delay; + ngx_add_timer(r->connection->write, lzcf->delay); + + return NGX_AGAIN; + } + + return NGX_DECLINED; + } + + if (rc == NGX_OK) { + goto done; + } + + /* rc == NGX_DECLINED */ + + n = offsetof(ngx_rbtree_node_t, color) + + offsetof(ngx_http_limit_req_node_t, data) + + len; + + node = ngx_slab_alloc_locked(ctx->shpool, n); + if (node == NULL) { + + ngx_http_limit_req_expire(ctx, 0); + + node = ngx_slab_alloc_locked(ctx->shpool, n); + if (node == NULL) { + ngx_shmtx_unlock(&ctx->shpool->mutex); + return NGX_HTTP_SERVICE_UNAVAILABLE; + } + } + + lz = (ngx_http_limit_req_node_t *) &node->color; node->key = hash; lz->len = (u_char) len; - lz->conn = 1; + + tp = ngx_timeofday(); + lz->last = (ngx_msec_t) (tp->sec * 1000 + tp->msec); + + lz->rate = 0.0; ngx_memcpy(lz->data, vv->data, len); ngx_rbtree_insert(ctx->rbtree, node); + ngx_queue_insert_head(ctx->queue, &lz->queue); + done: - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "limit zone: %08XD %d", node->key, lz->conn); - - ngx_shmtx_unlock(&shpool->mutex); - - cln->handler = ngx_http_limit_zone_cleanup; - lzcln = cln->data; - - lzcln->shm_zone = lzcf->shm_zone; - lzcln->node = node; + ngx_shmtx_unlock(&ctx->shpool->mutex); return NGX_DECLINED; } static void -ngx_http_limit_zone_rbtree_insert_value(ngx_rbtree_node_t *temp, +ngx_http_limit_req_delay(ngx_http_request_t *r) +{ + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "limit_req delay"); + + if (ngx_handle_read_event(r->connection->read, 0) != NGX_OK) { + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + r->read_event_handler = ngx_http_block_reading; + r->write_event_handler = ngx_http_core_run_phases; + + ngx_http_core_run_phases(r); +} + + +static void +ngx_http_limit_req_rbtree_insert_value(ngx_rbtree_node_t *temp, ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel) { - ngx_rbtree_node_t **p; - ngx_http_limit_zone_node_t *lzn, *lznt; + ngx_rbtree_node_t **p; + ngx_http_limit_req_node_t *lzn, *lznt; for ( ;; ) { @@ -254,8 +286,8 @@ ngx_http_limit_zone_rbtree_insert_value( } else { /* node->key == temp->key */ - lzn = (ngx_http_limit_zone_node_t *) &node->color; - lznt = (ngx_http_limit_zone_node_t *) &temp->color; + lzn = (ngx_http_limit_req_node_t *) &node->color; + lznt = (ngx_http_limit_req_node_t *) &temp->color; p = (ngx_memn2cmp(lzn->data, lznt->data, lzn->len, lznt->len) < 0) ? &temp->left : &temp->right; @@ -276,87 +308,200 @@ ngx_http_limit_zone_rbtree_insert_value( } -static void -ngx_http_limit_zone_cleanup(void *data) +static ngx_int_t +ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lzcf, ngx_uint_t hash, + u_char *data, size_t len, ngx_http_limit_req_node_t **lzp) { - ngx_http_limit_zone_cleanup_t *lzcln = data; + ngx_int_t rc; + ngx_time_t *tp; + ngx_msec_t now; + ngx_msec_int_t ms; + ngx_rbtree_node_t *node, *sentinel; + ngx_http_limit_req_ctx_t *ctx; + ngx_http_limit_req_node_t *lz; + + ctx = lzcf->shm_zone->data; + + node = ctx->rbtree->root; + sentinel = ctx->rbtree->sentinel; - ngx_slab_pool_t *shpool; - ngx_rbtree_node_t *node; - ngx_http_limit_zone_ctx_t *ctx; - ngx_http_limit_zone_node_t *lz; + while (node != sentinel) { + + if (hash < node->key) { + node = node->left; + continue; + } + + if (hash > node->key) { + node = node->right; + continue; + } + + /* hash == node->key */ + + do { + lz = (ngx_http_limit_req_node_t *) &node->color; - ctx = lzcln->shm_zone->data; - shpool = (ngx_slab_pool_t *) lzcln->shm_zone->shm.addr; - node = lzcln->node; - lz = (ngx_http_limit_zone_node_t *) &node->color; + rc = ngx_memn2cmp(data, lz->data, len, (size_t) lz->len); + + if (rc == 0) { + + tp = ngx_timeofday(); - ngx_shmtx_lock(&shpool->mutex); + now = (ngx_msec_t) (tp->sec * 1000 + tp->msec); + ms = (ngx_msec_int_t) (now - lz->last); + + lz->rate = lz->rate - ctx->rate * ngx_abs(ms) / 1000 + 1; + + if (lz->rate < 0.0) { + lz->rate = 0.0; + } + + lz->last = now; - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, lzcln->shm_zone->shm.log, 0, - "limit zone cleanup: %08XD %d", node->key, lz->conn); + *lzp = lz; + + if (lz->rate > lzcf->burst) { + return NGX_BUSY; + } - lz->conn--; + if (lz->rate > ctx->rate) { + return NGX_AGAIN; + } - if (lz->conn == 0) { - ngx_rbtree_delete(ctx->rbtree, node); - ngx_slab_free_locked(shpool, node); + return NGX_OK; + } + + node = (rc < 0) ? node->left : node->right; + + } while (node != sentinel && hash == node->key); + + break; } - ngx_shmtx_unlock(&shpool->mutex); + *lzp = NULL; + + return NGX_DECLINED; +} + + +static void +ngx_http_limit_req_expire(ngx_http_limit_req_ctx_t *ctx, ngx_uint_t n) +{ + float rate; + ngx_time_t *tp; + ngx_msec_t now; + ngx_queue_t *q; + ngx_msec_int_t ms; + ngx_rbtree_node_t *node; + ngx_http_limit_req_node_t *lz; + + tp = ngx_timeofday(); + + now = (ngx_msec_t) (tp->sec * 1000 + tp->msec); + + /* + * n == 1 deletes one or two zero rate entries + * n == 0 deletes oldest entry by force + * and one or two zero rate entries + */ + + while (n < 3) { + + if (ngx_queue_empty(ctx->queue)) { + return; + } + + q = ngx_queue_last(ctx->queue); + + lz = ngx_queue_data(q, ngx_http_limit_req_node_t, queue); + + if (n++ != 0) { + + ms = (ngx_msec_int_t) (now - lz->last); + ms = ngx_abs(ms); + + if (ms < 60000) { + return; + } + + rate = lz->rate - ctx->rate * ms / 1000; + + if (rate > 0.0) { + return; + } + } + + ngx_queue_remove(q); + + node = (ngx_rbtree_node_t *) + ((u_char *) lz - offsetof(ngx_rbtree_node_t, color)); + + ngx_rbtree_delete(ctx->rbtree, node); + + ngx_slab_free_locked(ctx->shpool, node); + } } static ngx_int_t -ngx_http_limit_zone_init_zone(ngx_shm_zone_t *shm_zone, void *data) +ngx_http_limit_req_init_zone(ngx_shm_zone_t *shm_zone, void *data) { - ngx_http_limit_zone_ctx_t *octx = data; + ngx_http_limit_req_ctx_t *octx = data; - ngx_slab_pool_t *shpool; - ngx_rbtree_node_t *sentinel; - ngx_http_limit_zone_ctx_t *ctx; + ngx_rbtree_node_t *sentinel; + ngx_http_limit_req_ctx_t *ctx; ctx = shm_zone->data; if (octx) { if (ngx_strcmp(ctx->var.data, octx->var.data) != 0) { ngx_log_error(NGX_LOG_EMERG, shm_zone->shm.log, 0, - "limit_zone \"%V\" uses the \"%V\" variable " + "limit_req \"%V\" uses the \"%V\" variable " "while previously it used the \"%V\" variable", &shm_zone->name, &ctx->var, &octx->var); return NGX_ERROR; } ctx->rbtree = octx->rbtree; + ctx->queue = octx->queue; + ctx->shpool = octx->shpool; return NGX_OK; } - shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; + ctx->shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; - ctx->rbtree = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_t)); + ctx->rbtree = ngx_slab_alloc(ctx->shpool, sizeof(ngx_rbtree_t)); if (ctx->rbtree == NULL) { return NGX_ERROR; } - sentinel = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_node_t)); + sentinel = ngx_slab_alloc(ctx->shpool, sizeof(ngx_rbtree_node_t)); if (sentinel == NULL) { return NGX_ERROR; } ngx_rbtree_init(ctx->rbtree, sentinel, - ngx_http_limit_zone_rbtree_insert_value); + ngx_http_limit_req_rbtree_insert_value); + + ctx->queue = ngx_slab_alloc(ctx->shpool, sizeof(ngx_queue_t)); + if (ctx->queue == NULL) { + return NGX_ERROR; + } + + ngx_queue_init(ctx->queue); return NGX_OK; } static void * -ngx_http_limit_zone_create_conf(ngx_conf_t *cf) +ngx_http_limit_req_create_conf(ngx_conf_t *cf) { - ngx_http_limit_zone_conf_t *conf; + ngx_http_limit_req_conf_t *conf; - conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_zone_conf_t)); + conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_conf_t)); if (conf == NULL) { return NGX_CONF_ERROR; } @@ -365,7 +510,8 @@ ngx_http_limit_zone_create_conf(ngx_conf * set by ngx_pcalloc(): * * conf->shm_zone = NULL; - * conf->conn = 0; + * conf->burst = 0.0; + * conf->delay = 0; */ return conf; @@ -373,10 +519,10 @@ ngx_http_limit_zone_create_conf(ngx_conf static char * -ngx_http_limit_zone_merge_conf(ngx_conf_t *cf, void *parent, void *child) +ngx_http_limit_req_merge_conf(ngx_conf_t *cf, void *parent, void *child) { - ngx_http_limit_zone_conf_t *prev = parent; - ngx_http_limit_zone_conf_t *conf = child; + ngx_http_limit_req_conf_t *prev = parent; + ngx_http_limit_req_conf_t *conf = child; if (conf->shm_zone == NULL) { *conf = *prev; @@ -387,53 +533,118 @@ ngx_http_limit_zone_merge_conf(ngx_conf_ static char * -ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ssize_t n; - ngx_str_t *value; - ngx_shm_zone_t *shm_zone; - ngx_http_limit_zone_ctx_t *ctx; + u_char *p; + size_t size, len; + ngx_str_t *value, name, s; + ngx_int_t rate, scale; + ngx_uint_t i; + ngx_shm_zone_t *shm_zone; + ngx_http_limit_req_ctx_t *ctx; value = cf->args->elts; - if (value[2].data[0] != '$') { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid variable name \"%V\"", &value[2]); - return NGX_CONF_ERROR; - } + ctx = NULL; + size = 0; + rate = 1; + scale = 1; + name.len = 0; + + for (i = 1; i < cf->args->nelts; i++) { + + if (ngx_strncmp(value[i].data, "zone=", 5) == 0) { + + name.data = value[i].data + 5; + + p = (u_char *) ngx_strchr(name.data, ':'); + + if (p) { + name.len = p - name.data; + + p++; + + s.len = value[i].data + value[i].len - p; + s.data = p; + + size = ngx_parse_size(&s); + if (size > 8191) { + continue; + } + } + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid zone size \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + if (ngx_strncmp(value[i].data, "rate=", 5) == 0) { + + len = value[i].len; + p = value[i].data + len - 3; - value[2].len--; - value[2].data++; + if (ngx_strncmp(p, "r/s", 3) == 0) { + scale = 1; + len -= 3; + + } else if (ngx_strncmp(p, "r/m", 3) == 0) { + scale = 60; + len -= 3; + } + + rate = ngx_atoi(value[i].data + 5, len - 5); + if (rate <= NGX_ERROR) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid rate \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + continue; + } + + if (value[i].data[0] == '$') { - ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_zone_ctx_t)); - if (ctx == NULL) { + value[i].len--; + value[i].data++; + + ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_ctx_t)); + if (ctx == NULL) { + return NGX_CONF_ERROR; + } + + ctx->index = ngx_http_get_variable_index(cf, &value[i]); + if (ctx->index == NGX_ERROR) { + return NGX_CONF_ERROR; + } + + ctx->var = value[i]; + + continue; + } + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter \"%V\"", &value[i]); return NGX_CONF_ERROR; } - ctx->index = ngx_http_get_variable_index(cf, &value[2]); - if (ctx->index == NGX_ERROR) { + if (name.len == 0 || size == 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "\"%V\" must have \"zone\" parameter", + &cmd->name); return NGX_CONF_ERROR; } - ctx->var = value[2]; - - n = ngx_parse_size(&value[3]); - - if (n == NGX_ERROR) { + if (ctx == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid size of limit_zone \"%V\"", &value[3]); + "no variable is defined for limit_req_zone \"%V\"", + &cmd->name); return NGX_CONF_ERROR; } - if (n < (ngx_int_t) (8 * ngx_pagesize)) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "limit_zone \"%V\" is too small", &value[1]); - return NGX_CONF_ERROR; - } + ctx->rate = (float) rate / scale; - - shm_zone = ngx_shared_memory_add(cf, &value[1], n, - &ngx_http_limit_zone_module); + shm_zone = ngx_shared_memory_add(cf, &name, size, + &ngx_http_limit_req_module); if (shm_zone == NULL) { return NGX_CONF_ERROR; } @@ -442,12 +653,12 @@ ngx_http_limit_zone(ngx_conf_t *cf, ngx_ ctx = shm_zone->data; ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "limit_zone \"%V\" is already bound to variable \"%V\"", - &value[1], &ctx->var); + "limit_req_zone \"%V\" is already bound to variable \"%V\"", + &value[1], &ctx->var); return NGX_CONF_ERROR; } - shm_zone->init = ngx_http_limit_zone_init_zone; + shm_zone->init = ngx_http_limit_req_init_zone; shm_zone->data = ctx; return NGX_CONF_OK; @@ -455,42 +666,117 @@ ngx_http_limit_zone(ngx_conf_t *cf, ngx_ static char * -ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_http_limit_zone_conf_t *lzcf = conf; + ngx_http_limit_req_conf_t *lzcf = conf; - ngx_int_t n; - ngx_str_t *value; + u_char *p; + size_t len; + ngx_int_t burst, scale, delay; + ngx_str_t *value, s; + ngx_uint_t i; + ngx_http_limit_req_ctx_t *ctx; + + if (lzcf->shm_zone) { + return "is duplicate"; + } value = cf->args->elts; - lzcf->shm_zone = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_limit_zone_module); - if (lzcf->shm_zone == NULL) { + burst = 0; + scale = 1; + delay = 0; + + for (i = 1; i < cf->args->nelts; i++) { + + if (ngx_strncmp(value[i].data, "zone=", 5) == 0) { + + s.len = value[i].len - 5; + s.data = value[i].data + 5; + + lzcf->shm_zone = ngx_shared_memory_add(cf, &s, 0, + &ngx_http_limit_req_module); + if (lzcf->shm_zone == NULL) { + return NGX_CONF_ERROR; + } + + continue; + } + + if (ngx_strncmp(value[i].data, "burst=", 6) == 0) { + + len = value[i].len; + p = value[i].data + len - 3; + + if (ngx_strncmp(p, "r/s", 3) == 0) { + scale = 1; + len -= 3; + + } else if (ngx_strncmp(p, "r/m", 3) == 0) { + scale = 60; + len -= 3; + } + + burst = ngx_atoi(value[i].data + 6, len - 6); + if (burst <= 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid burst rate \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + continue; + } + + if (ngx_strncmp(value[i].data, "delay=", 6) == 0) { + + s.len = value[i].len - 6; + s.data = value[i].data + 6; + + delay = ngx_parse_time(&s, 0); + if (delay < 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid clean_time value \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + continue; + } + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter \"%V\"", &value[i]); return NGX_CONF_ERROR; } - n = ngx_atoi(value[2].data, value[2].len); - if (n <= 0) { + if (lzcf->shm_zone == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid number of connections \"%V\"", &value[2]); + "\"%V\" must have \"zone\" parameter", + &cmd->name); return NGX_CONF_ERROR; } - if (n > 65535) { + if (lzcf->shm_zone->data == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "connection limit must be less 65536"); + "unknown limit_req_zone \"%V\"", + &lzcf->shm_zone->name); return NGX_CONF_ERROR; } - lzcf->conn = n; + if (burst) { + lzcf->burst = (float) burst / scale; + + } else { + ctx = lzcf->shm_zone->data; + lzcf->burst = ctx->rate; + } + + lzcf->delay = (ngx_msec_t) delay; return NGX_CONF_OK; } static ngx_int_t -ngx_http_limit_zone_init(ngx_conf_t *cf) +ngx_http_limit_req_init(ngx_conf_t *cf) { ngx_http_handler_pt *h; ngx_http_core_main_conf_t *cmcf; @@ -502,7 +788,7 @@ ngx_http_limit_zone_init(ngx_conf_t *cf) return NGX_ERROR; } - *h = ngx_http_limit_zone_handler; + *h = ngx_http_limit_req_handler; return NGX_OK; }
--- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -106,6 +106,7 @@ size_t ngx_http_get_time(char *buf, time ngx_int_t ngx_http_discard_request_body(ngx_http_request_t *r); void ngx_http_block_reading(ngx_http_request_t *r); +void ngx_http_test_reading(ngx_http_request_t *r); char *ngx_http_types_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -39,7 +39,6 @@ static void ngx_http_request_handler(ngx static ngx_int_t ngx_http_set_write_handler(ngx_http_request_t *r); static void ngx_http_writer(ngx_http_request_t *r); -static void ngx_http_test_reading(ngx_http_request_t *r); static void ngx_http_set_keepalive(ngx_http_request_t *r); static void ngx_http_keepalive_handler(ngx_event_t *ev); static void ngx_http_set_lingering_close(ngx_http_request_t *r); @@ -2024,7 +2023,7 @@ ngx_http_block_reading(ngx_http_request_ } -static void +void ngx_http_test_reading(ngx_http_request_t *r) { int n;
--- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -438,10 +438,12 @@ struct ngx_http_request_s { unsigned no_cache:1; /* - * instead of using the request context data in ngx_http_limit_zone_module - * we use the single bit in the request structure + * instead of using the request context data in + * ngx_http_limit_zone_module and ngx_http_limit_req_module + * we use the single bits in the request structure */ unsigned limit_zone_set:1; + unsigned limit_req_set:1; #if 0 unsigned cacheable:1;