# HG changeset patch # User Maxim Dounin # Date 1248340722 -14400 # Node ID 18515436c0f1d40c5f36b78bf1fedd2c7aa6a6a0 Ip tos filter module. diff --git a/LICENSE b/LICENSE new file mode 100644 --- /dev/null +++ b/LICENSE @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2009 Maxim Dounin + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ diff --git a/README b/README new file mode 100644 --- /dev/null +++ b/README @@ -0,0 +1,40 @@ +IP TOS module for nginx. + +This module was designed to allow setting of ip_tos ip header byte on +outgoing packets sent by nginx. It may be used to implement smart QoS +and traffic shaping at firewall/router level. + +Note that it doesn't try to impose any limits on TOS field and should be used +with care. At least you probably shouldn't touch two lower bits related +to ECN. + +Some TOS related info may be found here: + +http://en.wikipedia.org/wiki/Type_of_Service +http://en.wikipedia.org/wiki/Differentiated_services +http://en.wikipedia.org/wiki/Quality_of_Service + +Configuration directives: + + ip_tos (off|0xHH) + + Context: http, server, location + Default: off + + Switches ip tos setting and specifies value to use. + +Usage: + + ip_tos 0x00; + + location /video/ { + ip_tos 0x10; + } + +Note that setting TOS happens at request start and only if configured, so +keepalive connections may inherit TOS from previous request. It is good +idea to explicitly set default TOS value at server level (or even at http +level if the same listening socket used by more than one server). + +To compile nginx with ip tos module use "--add-module " option to nginx +configure. diff --git a/config b/config new file mode 100644 --- /dev/null +++ b/config @@ -0,0 +1,10 @@ +# (C) Maxim Dounin +# Configuration for ngx_http_ip_tos_filter_module. + +ngx_addon_name="ngx_http_ip_tos_filter_module" + +HTTP_AUX_FILTER_MODULES="$HTTP_AUX_FILTER_MODULES \ + ngx_http_ip_tos_filter_module" + +NGX_ADDON_SRCS="$NGX_ADDON_SRCS \ + $ngx_addon_dir/ngx_http_ip_tos_filter_module.c" diff --git a/ngx_http_ip_tos_filter_module.c b/ngx_http_ip_tos_filter_module.c new file mode 100644 --- /dev/null +++ b/ngx_http_ip_tos_filter_module.c @@ -0,0 +1,177 @@ + +/* + * Copyright (C) Maxim Dounin + */ + +#include +#include +#include + + +typedef struct { + ngx_flag_t enable; + ngx_uint_t tos; +} ngx_http_ip_tos_conf_t; + + +static void *ngx_http_ip_tos_create_conf(ngx_conf_t *cf); +static char *ngx_http_ip_tos_merge_conf(ngx_conf_t *cf, void *parent, + void *child); +static char *ngx_http_ip_tos(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +static ngx_int_t ngx_http_ip_tos_init(ngx_conf_t *cf); + + +static ngx_command_t ngx_http_ip_tos_commands[] = { + + { ngx_string("ip_tos"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_http_ip_tos, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_ip_tos_module_ctx = { + NULL, /* preconfiguration */ + ngx_http_ip_tos_init, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + ngx_http_ip_tos_create_conf, /* create location configuration */ + ngx_http_ip_tos_merge_conf /* merge location configuration */ +}; + + +ngx_module_t ngx_http_ip_tos_filter_module = { + NGX_MODULE_V1, + &ngx_http_ip_tos_module_ctx, /* module context */ + ngx_http_ip_tos_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +static ngx_http_output_header_filter_pt ngx_http_next_header_filter; + + +static ngx_int_t +ngx_http_ip_tos_header_filter(ngx_http_request_t *r) +{ + int tos; + ngx_http_ip_tos_conf_t *conf; + + if (r != r->main) { + return ngx_http_next_header_filter(r); + } + + conf = ngx_http_get_module_loc_conf(r, ngx_http_ip_tos_filter_module); + + if (!conf->enable) { + return ngx_http_next_header_filter(r); + } + + tos = conf->tos; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "ip tos: 0x%02Xi", tos); + + if (setsockopt(r->connection->fd, IPPROTO_IP, IP_TOS, + (const void *) &tos, sizeof(tos)) == -1) + { + ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_socket_errno, + "setsockopt(IP_TOS) failed"); + } + + return ngx_http_next_header_filter(r); +} + + +static void * +ngx_http_ip_tos_create_conf(ngx_conf_t *cf) +{ + ngx_http_ip_tos_conf_t *conf; + + conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ip_tos_conf_t)); + if (conf == NULL) { + return NULL; + } + + conf->enable = NGX_CONF_UNSET; + conf->tos = NGX_CONF_UNSET_UINT; + + return conf; +} + + +static char * +ngx_http_ip_tos_merge_conf(ngx_conf_t *cf, void *parent, void *child) +{ + ngx_http_ip_tos_conf_t *prev = parent; + ngx_http_ip_tos_conf_t *conf = child; + + ngx_conf_merge_value(conf->enable, prev->enable, 0); + ngx_conf_merge_uint_value(conf->tos, prev->tos, 0); + + return NGX_CONF_OK; +} + + +static char * +ngx_http_ip_tos(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_ip_tos_conf_t *itcf = conf; + + ngx_int_t n; + ngx_str_t *value; + + if (itcf->enable != NGX_CONF_UNSET) { + return "is duplicate"; + } + + value = cf->args->elts; + + if (ngx_strcasecmp(value[1].data, (u_char *) "off") == 0) { + itcf->enable = 0; + return NGX_CONF_OK; + } + + if (value[1].len != 4 || value[1].data[0] != '0' || + (value[1].data[1] != 'x' && value[1].data[1] != 'X')) + { + return "invalid argument 1"; + } + + n = ngx_hextoi(value[1].data + 2, value[1].len - 2); + if (n == NGX_ERROR || n < 0 || n > 255) { + return "invalid argument 2"; + } + + itcf->enable = 1; + itcf->tos = n; + + return NGX_CONF_OK; +} + + +static ngx_int_t +ngx_http_ip_tos_init(ngx_conf_t *cf) +{ + ngx_http_next_header_filter = ngx_http_top_header_filter; + ngx_http_top_header_filter = ngx_http_ip_tos_header_filter; + + return NGX_OK; +}