[nginx] Core: revised the PROXY protocol v2 code.

Ruslan Ermilov ru at nginx.com
Mon Apr 2 16:14:02 UTC 2018


details:   http://hg.nginx.org/nginx/rev/63e91f263a49
branches:  
changeset: 7253:63e91f263a49
user:      Ruslan Ermilov <ru at nginx.com>
date:      Mon Apr 02 18:40:04 2018 +0300
description:
Core: revised the PROXY protocol v2 code.

- use normal prefixes for types and macros
- removed some macros and types
- revised debug messages
- removed useless check of ngx_sock_ntop() returning 0
- removed special processing of AF_UNSPEC

diffstat:

 src/core/ngx_proxy_protocol.c |  154 ++++++++++++++++++-----------------------
 1 files changed, 69 insertions(+), 85 deletions(-)

diffs (271 lines):

diff -r 7bdab16c55f1 -r 63e91f263a49 src/core/ngx_proxy_protocol.c
--- a/src/core/ngx_proxy_protocol.c	Tue Mar 27 18:39:38 2018 +0300
+++ b/src/core/ngx_proxy_protocol.c	Mon Apr 02 18:40:04 2018 +0300
@@ -9,54 +9,40 @@
 #include <ngx_core.h>
 
 
-#define NGX_PP_V2_SIGLEN         12
-#define NGX_PP_V2_CMD_PROXY      1
-#define NGX_PP_V2_STREAM         1
-
-#define NGX_PP_V2_AF_UNSPEC      0
-#define NGX_PP_V2_AF_INET        1
-#define NGX_PP_V2_AF_INET6       2
+#define NGX_PROXY_PROTOCOL_AF_INET          1
+#define NGX_PROXY_PROTOCOL_AF_INET6         2
 
 
-#define ngx_pp_v2_get_u16(p)     ((p)[0] << 8 | (p)[1])
+#define ngx_proxy_protocol_parse_uint16(p)  ((p)[0] << 8 | (p)[1])
 
 
 typedef struct {
-    u_char                       signature[NGX_PP_V2_SIGLEN];
-    u_char                       ver_cmd;
-    u_char                       family_transport;
-    u_char                       len[2];
-} ngx_pp_v2_header_t;
+    u_char                                  signature[12];
+    u_char                                  version_command;
+    u_char                                  family_transport;
+    u_char                                  len[2];
+} ngx_proxy_protocol_header_t;
 
 
 typedef struct {
-    u_char                       src[4];
-    u_char                       dst[4];
-    u_char                       sport[2];
-    u_char                       dport[2];
-} ngx_pp_v2_inet_addrs_t;
+    u_char                                  s_addr[4];
+    u_char                                  d_addr[4];
+    u_char                                  s_port[2];
+    u_char                                  d_port[2];
+} ngx_proxy_protocol_inet_addrs_t;
 
 
 typedef struct {
-    u_char                       src[16];
-    u_char                       dst[16];
-    u_char                       sport[2];
-    u_char                       dport[2];
-} ngx_pp_v2_inet6_addrs_t;
-
-
-typedef union {
-    ngx_pp_v2_inet_addrs_t       inet;
-    ngx_pp_v2_inet6_addrs_t      inet6;
-} ngx_pp_v2_addrs_t;
+    u_char                                  s_addr[16];
+    u_char                                  d_addr[16];
+    u_char                                  s_port[2];
+    u_char                                  d_port[2];
+} ngx_proxy_protocol_inet6_addrs_t;
 
 
 static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
     u_char *last);
 
-static const u_char ngx_pp_v2_signature[NGX_PP_V2_SIGLEN] =
-    { 0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, 0x54, 0x0a };
-
 
 u_char *
 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
@@ -65,11 +51,13 @@ ngx_proxy_protocol_read(ngx_connection_t
     u_char     ch, *p, *addr, *port;
     ngx_int_t  n;
 
+    static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
+
     p = buf;
     len = last - buf;
 
-    if (len >= sizeof(ngx_pp_v2_header_t)
-        && memcmp(p, ngx_pp_v2_signature, NGX_PP_V2_SIGLEN) == 0)
+    if (len >= sizeof(ngx_proxy_protocol_header_t)
+        && memcmp(p, signature, sizeof(signature) - 1) == 0)
     {
         return ngx_proxy_protocol_v2_read(c, buf, last);
     }
@@ -227,28 +215,30 @@ ngx_proxy_protocol_write(ngx_connection_
 static u_char *
 ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
 {
-    u_char              *end;
-    size_t               len;
-    socklen_t            socklen;
-    ngx_str_t           *name;
-    ngx_uint_t           ver, cmd, family, transport;
-    ngx_sockaddr_t       sockaddr;
-    ngx_pp_v2_addrs_t   *addrs;
-    ngx_pp_v2_header_t  *hdr;
+    u_char                             *end;
+    size_t                              len;
+    socklen_t                           socklen;
+    ngx_uint_t                          version, command, family, transport;
+    ngx_sockaddr_t                      sockaddr;
+    ngx_proxy_protocol_header_t        *header;
+    ngx_proxy_protocol_inet_addrs_t    *inet;
+#if (NGX_HAVE_INET6)
+    ngx_proxy_protocol_inet6_addrs_t   *inet6;
+#endif
 
-    hdr = (ngx_pp_v2_header_t *) buf;
+    header = (ngx_proxy_protocol_header_t *) buf;
 
-    buf += sizeof(ngx_pp_v2_header_t);
+    buf += sizeof(ngx_proxy_protocol_header_t);
 
-    ver = hdr->ver_cmd >> 4;
+    version = header->version_command >> 4;
 
-    if (ver != 2) {
+    if (version != 2) {
         ngx_log_error(NGX_LOG_ERR, c->log, 0,
-                      "unsupported PROXY protocol version: %ui", ver);
+                      "unknown PROXY protocol version: %ui", version);
         return NULL;
     }
 
-    len = ngx_pp_v2_get_u16(hdr->len);
+    len = ngx_proxy_protocol_parse_uint16(header->len);
 
     if ((size_t) (last - buf) < len) {
         ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large");
@@ -257,102 +247,96 @@ ngx_proxy_protocol_v2_read(ngx_connectio
 
     end = buf + len;
 
-    cmd = hdr->ver_cmd & 0x0f;
+    command = header->version_command & 0x0f;
 
-    if (cmd != NGX_PP_V2_CMD_PROXY) {
+    /* only PROXY is supported */
+    if (command != 1) {
         ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
-                       "PROXY protocol v2 unsupported command 0x%xi", cmd);
+                       "PROXY protocol v2 unsupported command %ui", command);
         return end;
     }
 
-    transport = hdr->family_transport & 0x0f;
+    transport = header->family_transport & 0x0f;
 
-    if (transport != NGX_PP_V2_STREAM) {
+    /* only STREAM is supported */
+    if (transport != 1) {
         ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
-                       "PROXY protocol v2 unsupported transport 0x%xi",
+                       "PROXY protocol v2 unsupported transport %ui",
                        transport);
         return end;
     }
 
-    family = hdr->family_transport >> 4;
-
-    addrs = (ngx_pp_v2_addrs_t *) buf;
+    family = header->family_transport >> 4;
 
     switch (family) {
 
-    case NGX_PP_V2_AF_UNSPEC:
-        ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0,
-                       "PROXY protocol v2 AF_UNSPEC ignored");
-        return end;
+    case NGX_PROXY_PROTOCOL_AF_INET:
 
-    case NGX_PP_V2_AF_INET:
-
-        if ((size_t) (end - buf) < sizeof(ngx_pp_v2_inet_addrs_t)) {
+        if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet_addrs_t)) {
             return NULL;
         }
 
+        inet = (ngx_proxy_protocol_inet_addrs_t *) buf;
+
         sockaddr.sockaddr_in.sin_family = AF_INET;
         sockaddr.sockaddr_in.sin_port = 0;
-        memcpy(&sockaddr.sockaddr_in.sin_addr, addrs->inet.src, 4);
+        memcpy(&sockaddr.sockaddr_in.sin_addr, inet->s_addr, 4);
 
-        c->proxy_protocol_port = ngx_pp_v2_get_u16(addrs->inet.sport);
+        c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(inet->s_port);
 
         socklen = sizeof(struct sockaddr_in);
 
-        buf += sizeof(ngx_pp_v2_inet_addrs_t);
+        buf += sizeof(ngx_proxy_protocol_inet_addrs_t);
 
         break;
 
 #if (NGX_HAVE_INET6)
 
-    case NGX_PP_V2_AF_INET6:
+    case NGX_PROXY_PROTOCOL_AF_INET6:
 
-        if ((size_t) (end - buf) < sizeof(ngx_pp_v2_inet6_addrs_t)) {
+        if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet6_addrs_t)) {
             return NULL;
         }
 
+        inet6 = (ngx_proxy_protocol_inet6_addrs_t *) buf;
+
         sockaddr.sockaddr_in6.sin6_family = AF_INET6;
         sockaddr.sockaddr_in6.sin6_port = 0;
-        memcpy(&sockaddr.sockaddr_in6.sin6_addr, addrs->inet6.src, 16);
+        memcpy(&sockaddr.sockaddr_in6.sin6_addr, inet6->s_addr, 16);
 
-        c->proxy_protocol_port = ngx_pp_v2_get_u16(addrs->inet6.sport);
+        c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(inet6->s_port);
 
         socklen = sizeof(struct sockaddr_in6);
 
-        buf += sizeof(ngx_pp_v2_inet6_addrs_t);
+        buf += sizeof(ngx_proxy_protocol_inet6_addrs_t);
 
         break;
 
 #endif
 
     default:
-
         ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
-                       "PROXY protocol v2 unsupported address family 0x%xi",
+                       "PROXY protocol v2 unsupported address family %ui",
                        family);
         return end;
     }
 
-    name = &c->proxy_protocol_addr;
-
-    name->data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
-    if (name->data == NULL) {
+    c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
+    if (c->proxy_protocol_addr.data == NULL) {
         return NULL;
     }
 
-    name->len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, name->data,
-                              NGX_SOCKADDR_STRLEN, 0);
-    if (name->len == 0) {
-        return NULL;
-    }
+    c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
+                                               c->proxy_protocol_addr.data,
+                                               NGX_SOCKADDR_STRLEN, 0);
 
     ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
-                   "PROXY protocol v2 address: %V %d", name,
+                   "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
                    c->proxy_protocol_port);
 
     if (buf < end) {
         ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
-                       "PROXY protocol v2 %z bytes tlv ignored", end - buf);
+                       "PROXY protocol v2 %z bytes of tlv ignored", end - buf);
     }
 
     return end;


More information about the nginx-devel mailing list