[nginx] Core: revised the PROXY protocol v2 code.
Ruslan Ermilov
ru at nginx.com
Mon Apr 2 16:14:02 UTC 2018
details: http://hg.nginx.org/nginx/rev/63e91f263a49
branches:
changeset: 7253:63e91f263a49
user: Ruslan Ermilov <ru at nginx.com>
date: Mon Apr 02 18:40:04 2018 +0300
description:
Core: revised the PROXY protocol v2 code.
- use normal prefixes for types and macros
- removed some macros and types
- revised debug messages
- removed useless check of ngx_sock_ntop() returning 0
- removed special processing of AF_UNSPEC
diffstat:
src/core/ngx_proxy_protocol.c | 154 ++++++++++++++++++-----------------------
1 files changed, 69 insertions(+), 85 deletions(-)
diffs (271 lines):
diff -r 7bdab16c55f1 -r 63e91f263a49 src/core/ngx_proxy_protocol.c
--- a/src/core/ngx_proxy_protocol.c Tue Mar 27 18:39:38 2018 +0300
+++ b/src/core/ngx_proxy_protocol.c Mon Apr 02 18:40:04 2018 +0300
@@ -9,54 +9,40 @@
#include <ngx_core.h>
-#define NGX_PP_V2_SIGLEN 12
-#define NGX_PP_V2_CMD_PROXY 1
-#define NGX_PP_V2_STREAM 1
-
-#define NGX_PP_V2_AF_UNSPEC 0
-#define NGX_PP_V2_AF_INET 1
-#define NGX_PP_V2_AF_INET6 2
+#define NGX_PROXY_PROTOCOL_AF_INET 1
+#define NGX_PROXY_PROTOCOL_AF_INET6 2
-#define ngx_pp_v2_get_u16(p) ((p)[0] << 8 | (p)[1])
+#define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1])
typedef struct {
- u_char signature[NGX_PP_V2_SIGLEN];
- u_char ver_cmd;
- u_char family_transport;
- u_char len[2];
-} ngx_pp_v2_header_t;
+ u_char signature[12];
+ u_char version_command;
+ u_char family_transport;
+ u_char len[2];
+} ngx_proxy_protocol_header_t;
typedef struct {
- u_char src[4];
- u_char dst[4];
- u_char sport[2];
- u_char dport[2];
-} ngx_pp_v2_inet_addrs_t;
+ u_char s_addr[4];
+ u_char d_addr[4];
+ u_char s_port[2];
+ u_char d_port[2];
+} ngx_proxy_protocol_inet_addrs_t;
typedef struct {
- u_char src[16];
- u_char dst[16];
- u_char sport[2];
- u_char dport[2];
-} ngx_pp_v2_inet6_addrs_t;
-
-
-typedef union {
- ngx_pp_v2_inet_addrs_t inet;
- ngx_pp_v2_inet6_addrs_t inet6;
-} ngx_pp_v2_addrs_t;
+ u_char s_addr[16];
+ u_char d_addr[16];
+ u_char s_port[2];
+ u_char d_port[2];
+} ngx_proxy_protocol_inet6_addrs_t;
static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
u_char *last);
-static const u_char ngx_pp_v2_signature[NGX_PP_V2_SIGLEN] =
- { 0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, 0x54, 0x0a };
-
u_char *
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
@@ -65,11 +51,13 @@ ngx_proxy_protocol_read(ngx_connection_t
u_char ch, *p, *addr, *port;
ngx_int_t n;
+ static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
+
p = buf;
len = last - buf;
- if (len >= sizeof(ngx_pp_v2_header_t)
- && memcmp(p, ngx_pp_v2_signature, NGX_PP_V2_SIGLEN) == 0)
+ if (len >= sizeof(ngx_proxy_protocol_header_t)
+ && memcmp(p, signature, sizeof(signature) - 1) == 0)
{
return ngx_proxy_protocol_v2_read(c, buf, last);
}
@@ -227,28 +215,30 @@ ngx_proxy_protocol_write(ngx_connection_
static u_char *
ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
{
- u_char *end;
- size_t len;
- socklen_t socklen;
- ngx_str_t *name;
- ngx_uint_t ver, cmd, family, transport;
- ngx_sockaddr_t sockaddr;
- ngx_pp_v2_addrs_t *addrs;
- ngx_pp_v2_header_t *hdr;
+ u_char *end;
+ size_t len;
+ socklen_t socklen;
+ ngx_uint_t version, command, family, transport;
+ ngx_sockaddr_t sockaddr;
+ ngx_proxy_protocol_header_t *header;
+ ngx_proxy_protocol_inet_addrs_t *inet;
+#if (NGX_HAVE_INET6)
+ ngx_proxy_protocol_inet6_addrs_t *inet6;
+#endif
- hdr = (ngx_pp_v2_header_t *) buf;
+ header = (ngx_proxy_protocol_header_t *) buf;
- buf += sizeof(ngx_pp_v2_header_t);
+ buf += sizeof(ngx_proxy_protocol_header_t);
- ver = hdr->ver_cmd >> 4;
+ version = header->version_command >> 4;
- if (ver != 2) {
+ if (version != 2) {
ngx_log_error(NGX_LOG_ERR, c->log, 0,
- "unsupported PROXY protocol version: %ui", ver);
+ "unknown PROXY protocol version: %ui", version);
return NULL;
}
- len = ngx_pp_v2_get_u16(hdr->len);
+ len = ngx_proxy_protocol_parse_uint16(header->len);
if ((size_t) (last - buf) < len) {
ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large");
@@ -257,102 +247,96 @@ ngx_proxy_protocol_v2_read(ngx_connectio
end = buf + len;
- cmd = hdr->ver_cmd & 0x0f;
+ command = header->version_command & 0x0f;
- if (cmd != NGX_PP_V2_CMD_PROXY) {
+ /* only PROXY is supported */
+ if (command != 1) {
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 unsupported command 0x%xi", cmd);
+ "PROXY protocol v2 unsupported command %ui", command);
return end;
}
- transport = hdr->family_transport & 0x0f;
+ transport = header->family_transport & 0x0f;
- if (transport != NGX_PP_V2_STREAM) {
+ /* only STREAM is supported */
+ if (transport != 1) {
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 unsupported transport 0x%xi",
+ "PROXY protocol v2 unsupported transport %ui",
transport);
return end;
}
- family = hdr->family_transport >> 4;
-
- addrs = (ngx_pp_v2_addrs_t *) buf;
+ family = header->family_transport >> 4;
switch (family) {
- case NGX_PP_V2_AF_UNSPEC:
- ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 AF_UNSPEC ignored");
- return end;
+ case NGX_PROXY_PROTOCOL_AF_INET:
- case NGX_PP_V2_AF_INET:
-
- if ((size_t) (end - buf) < sizeof(ngx_pp_v2_inet_addrs_t)) {
+ if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet_addrs_t)) {
return NULL;
}
+ inet = (ngx_proxy_protocol_inet_addrs_t *) buf;
+
sockaddr.sockaddr_in.sin_family = AF_INET;
sockaddr.sockaddr_in.sin_port = 0;
- memcpy(&sockaddr.sockaddr_in.sin_addr, addrs->inet.src, 4);
+ memcpy(&sockaddr.sockaddr_in.sin_addr, inet->s_addr, 4);
- c->proxy_protocol_port = ngx_pp_v2_get_u16(addrs->inet.sport);
+ c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(inet->s_port);
socklen = sizeof(struct sockaddr_in);
- buf += sizeof(ngx_pp_v2_inet_addrs_t);
+ buf += sizeof(ngx_proxy_protocol_inet_addrs_t);
break;
#if (NGX_HAVE_INET6)
- case NGX_PP_V2_AF_INET6:
+ case NGX_PROXY_PROTOCOL_AF_INET6:
- if ((size_t) (end - buf) < sizeof(ngx_pp_v2_inet6_addrs_t)) {
+ if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet6_addrs_t)) {
return NULL;
}
+ inet6 = (ngx_proxy_protocol_inet6_addrs_t *) buf;
+
sockaddr.sockaddr_in6.sin6_family = AF_INET6;
sockaddr.sockaddr_in6.sin6_port = 0;
- memcpy(&sockaddr.sockaddr_in6.sin6_addr, addrs->inet6.src, 16);
+ memcpy(&sockaddr.sockaddr_in6.sin6_addr, inet6->s_addr, 16);
- c->proxy_protocol_port = ngx_pp_v2_get_u16(addrs->inet6.sport);
+ c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(inet6->s_port);
socklen = sizeof(struct sockaddr_in6);
- buf += sizeof(ngx_pp_v2_inet6_addrs_t);
+ buf += sizeof(ngx_proxy_protocol_inet6_addrs_t);
break;
#endif
default:
-
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 unsupported address family 0x%xi",
+ "PROXY protocol v2 unsupported address family %ui",
family);
return end;
}
- name = &c->proxy_protocol_addr;
-
- name->data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
- if (name->data == NULL) {
+ c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
+ if (c->proxy_protocol_addr.data == NULL) {
return NULL;
}
- name->len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, name->data,
- NGX_SOCKADDR_STRLEN, 0);
- if (name->len == 0) {
- return NULL;
- }
+ c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
+ c->proxy_protocol_addr.data,
+ NGX_SOCKADDR_STRLEN, 0);
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 address: %V %d", name,
+ "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
c->proxy_protocol_port);
if (buf < end) {
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 %z bytes tlv ignored", end - buf);
+ "PROXY protocol v2 %z bytes of tlv ignored", end - buf);
}
return end;
More information about the nginx-devel
mailing list