<div dir="ltr">Hi guys,<div><br></div><div>The aim is the same, I think, but the approach is different.</div><div>I want to extract the user source port from the proxy protocol header, following v1 of the protocol described here:</div><div><br></div><div><a href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt</a></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-05 10:19 GMT+02:00 Aleksandar Lazic <span dir="ltr"><<a href="mailto:al-nginx@none.at" target="_blank">al-nginx@none.at</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<span class=""><br>
<br>
Am 05-04-2016 09:55, schrieb Tony Fouchard:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi guys,<br>
<br>
I need to log the user remote port at nginx level when requests are<br>
passed through proxy protocol (legal requirement), but looking at<br>
implementation I saw that all of the work stopped after reading source<br>
IP.<br>
<br>
In my setup, I have BGP sessions set up on haproxy instances, but<br>
haproxy acts at layer 4 and only routes traffic to different nginx farms<br>
depending on the TLS extension value provided by the client: this makes it<br>
possible to serve, for example, both SPDY and h2 over ALPN.<br>
<br>
I have tried to implement what I needed and update the test case.<br>
</blockquote>
<br></span>
Could this be the same request?<br>
<br>
<br>
PATCH]add proxy_protocol_port variable for rfc6302<br>
<a href="http://thread.gmane.org/gmane.comp.web.nginx.devel/4273/focus=4390" rel="noreferrer" target="_blank">http://thread.gmane.org/gmane.comp.web.nginx.devel/4273/focus=4390</a><br>
<br>
Cheers aleks<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Regards.<br>
<br>
# HG changeset patch<br>
# User Tony Fouchard <<a href="mailto:tony.fouchard@blablacar.com" target="_blank">tony.fouchard@blablacar.com</a>><br>
# Date 1459438244 -7200<br>
# Thu Mar 31 17:30:44 2016 +0200<br>
# Node ID 708e5e9873798be8786aa0234c9712ef94b5a1e2<br>
# Parent 5debefd670bcbc1d4344913bd4754452892f4cb2<br>
Retrieve the proxy protocol client port provided<br>
<br>
diff -r 5debefd670bc -r 708e5e987379 proxy_protocol.t<br>
--- a/proxy_protocol.t Mon Mar 28 19:47:38 2016 +0300<br>
+++ b/proxy_protocol.t Thu Mar 31 17:30:44 2016 +0200<br>
@@ -26,7 +26,7 @@<br>
<br>
my $t = Test::Nginx->new()->has(qw/http access ipv6 realip/);<br>
<br>
-$t->write_file_expand('nginx.conf', <<'EOF')->plan(18);<br>
+$t->write_file_expand('nginx.conf', <<'EOF')->plan(22);<br>
<br>
%%TEST_GLOBALS%%<br>
<br>
@@ -38,7 +38,7 @@<br>
http {<br>
%%TEST_GLOBALS_HTTP%%<br>
<br>
- log_format pp '$remote_addr $request';<br>
+ log_format pp '$remote_addr $request $proxy_protocol_port';<br>
<br>
server {<br></span>
listen <a href="http://127.0.0.1:8080" rel="noreferrer" target="_blank">127.0.0.1:8080</a> [1] proxy_protocol;<br>
@@ -47,6 +47,7 @@<br>
set_real_ip_from <a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">127.0.0.1/32</a> [2];<span class=""><br>
add_header X-IP $remote_addr;<br>
add_header X-PP $proxy_protocol_addr;<br>
+ add_header X-PORT $proxy_protocol_port;<br>
<br>
location /pp {<br>
real_ip_header proxy_protocol;<br>
@@ -81,11 +82,14 @@<br>
$r = pp_get('/t1', $tcp4);<br>
like($r, qr/SEE-THIS/, 'tcp4 request');<br></span>
like($r, qr/X-PP: <a href="http://192.0.2.1/" rel="noreferrer" target="_blank">192.0.2.1/</a> [3], 'tcp4 proxy');<span class=""><br>
+like($r, qr/X-PORT: 1234/, 'tcp4 proxy port');<br></span>
unlike($r, qr/X-IP: <a href="http://192.0.2.1/" rel="noreferrer" target="_blank">192.0.2.1/</a> [3], 'tcp4 client');<span class=""><br>
<br>
$r = pp_get('/t1', $tcp6);<br>
like($r, qr/SEE-THIS/, 'tcp6 request');<br>
+like($r, qr/X-PORT: 1234/, 'tcp6 proxy port');<br>
like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy');<br>
+<br>
unlike($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client');<br>
<br>
like(pp_get('/t1', $unk1), qr/SEE-THIS/, 'unknown request 1');<br>
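Review bot: The new `X-PORT` assertions use `qr/X-PORT: 1234/` with no end anchor, so a response carrying `X-PORT: 12345` would also pass; the same pattern recurs in the realip hunk and, as ` 1234!m`, in the access-log hunk. Anchoring the match, for example `qr/^X-PORT: 1234\x0d?$/m`, pins the exact value. Only a well-formed header is exercised, so a case with a malformed port (constructed sample: `PROXY TCP4 192.0.2.1 192.0.2.2 12x4 5678`) asserting that the request is not served would cover the parser's new `goto invalid` paths. The added empty `+` line between the tcp6 assertions looks unintentional.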
@@ -96,11 +100,13 @@<br>
$r = pp_get('/pp', $tcp4);<br>
like($r, qr/SEE-THIS/, 'tcp4 request realip');<br></span>
like($r, qr/X-PP: <a href="http://192.0.2.1/" rel="noreferrer" target="_blank">192.0.2.1/</a> [3], 'tcp4 proxy realip');<span class=""><br>
+like($r, qr/X-PORT: 1234/, 'tcp4 proxy port realip');<br></span>
like($r, qr/X-IP: <a href="http://192.0.2.1/" rel="noreferrer" target="_blank">192.0.2.1/</a> [3], 'tcp4 client realip');<div><div class="h5"><br>
<br>
$r = pp_get('/pp', $tcp6);<br>
like($r, qr/SEE-THIS/, 'tcp6 request realip');<br>
like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy realip');<br>
+like($r, qr/X-PORT: 1234/, 'tcp6 proxy port realip');<br>
like($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client realip');<br>
<br>
# access<br>
@@ -125,8 +131,8 @@<br>
close LOG;<br>
}<br>
<br>
-like($log, qr!^192\.0\.2\.1 GET /pp_4!m, 'tcp4 access log');<br>
-like($log, qr!^2001:DB8::1 GET /pp_6!mi, 'tcp6 access log');<br>
+like($log, qr!^192\.0\.2\.1 GET /pp_4 HTTP/1.0 1234!m, 'tcp4 access<br>
log');<br>
+like($log, qr!^2001:DB8::1 GET /pp_6 HTTP/1.0 1234!mi, 'tcp6 access<br>
log');<br>
<br>
###############################################################################<br>
<br>
# HG changeset patch<br>
# User Tony Fouchard <<a href="mailto:tony.fouchard@blablacar.com" target="_blank">tony.fouchard@blablacar.com</a>><br>
# Date 1459438562 -7200<br>
# Thu Mar 31 17:36:02 2016 +0200<br>
# Branch feat-proxy-protocol-port<br>
# Node ID 6cd4f889089344db865cd07400c15e4d5966aa01<br>
# Parent 2b7dacb381ed1c4583aa048f1b22bdc141259407<br>
Retrieve the proxy protocol client port provided<br>
<br>
diff -r 2b7dacb381ed -r 6cd4f8890893 src/core/ngx_connection.h<br>
--- a/src/core/ngx_connection.h Thu Mar 31 02:34:04 2016 +0300<br>
+++ b/src/core/ngx_connection.h Thu Mar 31 17:36:02 2016 +0200<br>
@@ -149,6 +149,7 @@<br>
ngx_str_t addr_text;<br>
<br>
ngx_str_t proxy_protocol_addr;<br>
+ ngx_str_t proxy_protocol_port;<br>
<br>
#if (NGX_SSL)<br>
ngx_ssl_connection_t *ssl;<br>
diff -r 2b7dacb381ed -r 6cd4f8890893 src/core/ngx_proxy_protocol.c<br>
--- a/src/core/ngx_proxy_protocol.c Thu Mar 31 02:34:04 2016 +0300<br>
+++ b/src/core/ngx_proxy_protocol.c Thu Mar 31 17:36:02 2016 +0200<br>
@@ -12,8 +12,8 @@<br>
u_char *<br>
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)<br>
{<br>
- size_t len;<br>
- u_char ch, *p, *addr;<br>
+ size_t len, plen;<br>
+ u_char ch, *p, *addr, *paddr;<br>
<br>
p = buf;<br>
len = last - buf;<br>
@@ -74,6 +74,57 @@<br>
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,<br>
"PROXY protocol address: \"%V\"",<br>
&c->proxy_protocol_addr);<br>
<br>
+ for ( ;; ) {<br>
+ if (p == last) {<br>
+ goto invalid;<br>
+ }<br>
+<br>
+ ch = *p++;<br>
+<br>
+ if (ch == ' ') {<br>
+ break;<br>
+ }<br>
+<br>
+ if (ch != ':' && ch != '.'<br>
+ && (ch < 'a' || ch > 'f')<br>
+ && (ch < 'A' || ch > 'F')<br>
+ && (ch < '0' || ch > '9'))<br>
+ {<br>
+ goto invalid;<br>
+ }<br>
+ }<br>
+<br>
+ paddr = p;<br>
<br>
+<br>
+ for ( ;; ) {<br>
+ if (p == last) {<br>
+ goto invalid;<br>
+ }<br>
+<br>
+ ch = *p++;<br>
+<br>
+ if (ch == ' ') {<br>
+ break;<br>
+ }<br>
+<br>
+ if (ch < '0' || ch > '9') {<br>
+ goto invalid;<br>
+ }<br>
+ }<br>
+<br>
+ plen = p - paddr - 1;<br>
+ c->proxy_protocol_port.data = ngx_pnalloc(c->pool, plen);<br>
+<br>
+ if (c->proxy_protocol_port.data == NULL) {<br>
+ return NULL;<br>
+ }<br>
+<br>
+ ngx_memcpy(c->proxy_protocol_port.data, paddr, plen);<br>
+ c->proxy_protocol_port.len = plen;<br>
+<br>
+ ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,<br>
+ "PROXY protocol port: \"%V\"",<br>
&c->proxy_protocol_port);<br>
+<br>
skip:<br>
<br>
for ( /* void */ ; p < last - 1; p++) {<br>
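Review bot: The port loop accepts any run of digits before the space, including an empty run and values above 65535, and `plen = p - paddr - 1` bytes are then copied unchanged into `c->proxy_protocol_port`. The value is supplied by whoever connects to a `proxy_protocol` listener and is meant for logging, so it should be range-checked before it is stored: `n = ngx_atoi(paddr, plen);` followed by `if (n < 0 || n > 65535) { goto invalid; }`, with `ngx_int_t n` added to the declarations in the previous hunk (ngx_atoi() returns NGX_ERROR for an empty or non-numeric string). Once the port is numeric, keeping it as an `in_port_t` instead of a pool-allocated `ngx_str_t` would also remove the allocation and its failure path. The first added loop repeats the source-address character check in order to step over the destination address; a comment such as `/* skip destination address */` above it would say so. ngx_proxy_protocol_read() begins before this hunk and continues past it.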
diff -r 2b7dacb381ed -r 6cd4f8890893 src/http/ngx_http_variables.c<br>
--- a/src/http/ngx_http_variables.c Thu Mar 31 02:34:04 2016 +0300<br>
+++ b/src/http/ngx_http_variables.c Thu Mar 31 17:36:02 2016 +0200<br>
@@ -58,6 +58,8 @@<br>
ngx_http_variable_value_t *v, uintptr_t data);<br>
static ngx_int_t<br>
ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r,<br>
ngx_http_variable_value_t *v, uintptr_t data);<br>
+static ngx_int_t<br>
ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,<br>
+ ngx_http_variable_value_t *v, uintptr_t data);<br>
static ngx_int_t ngx_http_variable_server_addr(ngx_http_request_t *r,<br>
ngx_http_variable_value_t *v, uintptr_t data);<br>
static ngx_int_t ngx_http_variable_server_port(ngx_http_request_t *r,<br>
@@ -192,6 +194,9 @@<br>
{ ngx_string("proxy_protocol_addr"), NULL,<br>
ngx_http_variable_proxy_protocol_addr, 0, 0, 0 },<br>
<br>
+ { ngx_string("proxy_protocol_port"), NULL,<br>
+ ngx_http_variable_proxy_protocol_port, 0, 0, 0 },<br>
+<br>
{ ngx_string("server_addr"), NULL, ngx_http_variable_server_addr,<br>
0, 0, 0 },<br>
<br>
{ ngx_string("server_port"), NULL, ngx_http_variable_server_port,<br>
0, 0, 0 },<br>
@@ -1250,6 +1255,20 @@<br>
<br>
static ngx_int_t<br>
+ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,<br>
+ ngx_http_variable_value_t *v, uintptr_t data)<br>
+{<br>
+ v->len = r->connection->proxy_protocol_port.len;<br>
+ v->valid = 1;<br>
+ v->no_cacheable = 0;<br>
+ v->not_found = 0;<br>
+ v->data = r->connection->proxy_protocol_port.data;<br>
+<br>
+ return NGX_OK;<br>
+}<br>
+<br>
+<br>
+static ngx_int_t<br>
ngx_http_variable_server_addr(ngx_http_request_t *r,<br>
ngx_http_variable_value_t *v, uintptr_t data)<br>
{<br>
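Review bot: ngx_http_variable_proxy_protocol_port() carries no comment on when its value is empty or how far it can be trusted. It reports `valid = 1` and `not_found = 0` even when `proxy_protocol_port.len` is 0, which is presumably the case for connections without a PROXY header or with the UNKNOWN form (that path is outside this hunk). I would add above the function `/* client port as claimed in the PROXY header; empty if none was parsed */`. The test hunks suggest the variable is populated whether or not `real_ip_header proxy_protocol` applies, so the documentation should state that it is only meaningful when the listener is reachable solely from trusted proxies. Whether an absent port should set `v->not_found = 1` instead depends on what the neighbouring proxy_protocol_addr handler does, which is not shown here.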
<br>
<br>
<br></div></div>
Links:<br>
------<br>
[1] <a href="http://127.0.0.1:8080" rel="noreferrer" target="_blank">http://127.0.0.1:8080</a><br>
[2] <a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">http://127.0.0.1/32</a><br>
[3] <a href="http://192.0.2.1/" rel="noreferrer" target="_blank">http://192.0.2.1/</a><br>
<br>
</blockquote>
</blockquote></div><br></div>