[nginx] Core: moved PROXY protocol fields out of ngx_connection_t.

Roman Arutyunyan arut at nginx.com
Thu Oct 24 10:55:26 UTC 2019


details:   https://hg.nginx.org/nginx/rev/06b01840bd42
branches:  
changeset: 7590:06b01840bd42
user:      Roman Arutyunyan <arut at nginx.com>
date:      Mon Oct 21 18:06:19 2019 +0300
description:
Core: moved PROXY protocol fields out of ngx_connection_t.

Now a new structure ngx_proxy_protocol_t holds these fields.  This allows
to add more PROXY protocol fields in the future without modifying the
connection structure.

diffstat:

 src/core/ngx_connection.h                 |   3 +-
 src/core/ngx_core.h                       |   1 +
 src/core/ngx_proxy_protocol.c             |  57 +++++++++++++++++++-----------
 src/core/ngx_proxy_protocol.h             |   6 +++
 src/http/modules/ngx_http_realip_module.c |   7 +--
 src/http/ngx_http_variables.c             |  23 ++++++++++--
 src/stream/ngx_stream_realip_module.c     |   8 ++--
 src/stream/ngx_stream_variables.c         |  23 ++++++++++--
 8 files changed, 89 insertions(+), 39 deletions(-)

diffs (328 lines):

diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_connection.h
--- a/src/core/ngx_connection.h	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_connection.h	Mon Oct 21 18:06:19 2019 +0300
@@ -147,8 +147,7 @@ struct ngx_connection_s {
     socklen_t           socklen;
     ngx_str_t           addr_text;
 
-    ngx_str_t           proxy_protocol_addr;
-    in_port_t           proxy_protocol_port;
+    ngx_proxy_protocol_t  *proxy_protocol;
 
 #if (NGX_SSL || NGX_COMPAT)
     ngx_ssl_connection_t  *ssl;
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_core.h
--- a/src/core/ngx_core.h	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_core.h	Mon Oct 21 18:06:19 2019 +0300
@@ -26,6 +26,7 @@ typedef struct ngx_event_aio_s       ngx
 typedef struct ngx_connection_s      ngx_connection_t;
 typedef struct ngx_thread_task_s     ngx_thread_task_t;
 typedef struct ngx_ssl_s             ngx_ssl_t;
+typedef struct ngx_proxy_protocol_s  ngx_proxy_protocol_t;
 typedef struct ngx_ssl_connection_s  ngx_ssl_connection_t;
 typedef struct ngx_udp_connection_s  ngx_udp_connection_t;
 
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_proxy_protocol.c
--- a/src/core/ngx_proxy_protocol.c	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_proxy_protocol.c	Mon Oct 21 18:06:19 2019 +0300
@@ -47,9 +47,10 @@ static u_char *ngx_proxy_protocol_v2_rea
 u_char *
 ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
 {
-    size_t     len;
-    u_char     ch, *p, *addr, *port;
-    ngx_int_t  n;
+    size_t                 len;
+    u_char                 ch, *p, *addr, *port;
+    ngx_int_t              n;
+    ngx_proxy_protocol_t  *pp;
 
     static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
 
@@ -105,15 +106,20 @@ ngx_proxy_protocol_read(ngx_connection_t
         }
     }
 
-    len = p - addr - 1;
-    c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len);
-
-    if (c->proxy_protocol_addr.data == NULL) {
+    pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
+    if (pp == NULL) {
         return NULL;
     }
 
-    ngx_memcpy(c->proxy_protocol_addr.data, addr, len);
-    c->proxy_protocol_addr.len = len;
+    len = p - addr - 1;
+
+    pp->src_addr.data = ngx_pnalloc(c->pool, len);
+    if (pp->src_addr.data == NULL) {
+        return NULL;
+    }
+
+    ngx_memcpy(pp->src_addr.data, addr, len);
+    pp->src_addr.len = len;
 
     for ( ;; ) {
         if (p == last) {
@@ -145,11 +151,13 @@ ngx_proxy_protocol_read(ngx_connection_t
         goto invalid;
     }
 
-    c->proxy_protocol_port = (in_port_t) n;
+    pp->src_port = (in_port_t) n;
 
     ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
-                   "PROXY protocol address: %V %d", &c->proxy_protocol_addr,
-                   c->proxy_protocol_port);
+                   "PROXY protocol address: %V %d", &pp->src_addr,
+                   pp->src_port);
+
+    c->proxy_protocol = pp;
 
 skip:
 
@@ -220,6 +228,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio
     socklen_t                           socklen;
     ngx_uint_t                          version, command, family, transport;
     ngx_sockaddr_t                      sockaddr;
+    ngx_proxy_protocol_t               *pp;
     ngx_proxy_protocol_header_t        *header;
     ngx_proxy_protocol_inet_addrs_t    *in;
 #if (NGX_HAVE_INET6)
@@ -266,6 +275,11 @@ ngx_proxy_protocol_v2_read(ngx_connectio
         return end;
     }
 
+    pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
+    if (pp == NULL) {
+        return NULL;
+    }
+
     family = header->family_transport >> 4;
 
     switch (family) {
@@ -282,7 +296,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio
         sockaddr.sockaddr_in.sin_port = 0;
         memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
 
-        c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port);
+        pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
 
         socklen = sizeof(struct sockaddr_in);
 
@@ -304,7 +318,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio
         sockaddr.sockaddr_in6.sin6_port = 0;
         memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
 
-        c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
+        pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
 
         socklen = sizeof(struct sockaddr_in6);
 
@@ -321,23 +335,24 @@ ngx_proxy_protocol_v2_read(ngx_connectio
         return end;
     }
 
-    c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
-    if (c->proxy_protocol_addr.data == NULL) {
+    pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
+    if (pp->src_addr.data == NULL) {
         return NULL;
     }
 
-    c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
-                                               c->proxy_protocol_addr.data,
-                                               NGX_SOCKADDR_STRLEN, 0);
+    pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
+                                     pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0);
 
     ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
-                   "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
-                   c->proxy_protocol_port);
+                   "PROXY protocol v2 address: %V %d", &pp->src_addr,
+                   pp->src_port);
 
     if (buf < end) {
         ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
                        "PROXY protocol v2 %z bytes of tlv ignored", end - buf);
     }
 
+    c->proxy_protocol = pp;
+
     return end;
 }
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_proxy_protocol.h
--- a/src/core/ngx_proxy_protocol.h	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_proxy_protocol.h	Mon Oct 21 18:06:19 2019 +0300
@@ -16,6 +16,12 @@
 #define NGX_PROXY_PROTOCOL_MAX_HEADER  107
 
 
+struct ngx_proxy_protocol_s {
+    ngx_str_t           src_addr;
+    in_port_t           src_port;
+};
+
+
 u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
     u_char *last);
 u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,
diff -r 486d2e0b1b6f -r 06b01840bd42 src/http/modules/ngx_http_realip_module.c
--- a/src/http/modules/ngx_http_realip_module.c	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/http/modules/ngx_http_realip_module.c	Mon Oct 21 18:06:19 2019 +0300
@@ -180,12 +180,11 @@ ngx_http_realip_handler(ngx_http_request
 
     case NGX_HTTP_REALIP_PROXY:
 
-        value = &r->connection->proxy_protocol_addr;
-
-        if (value->len == 0) {
+        if (r->connection->proxy_protocol == NULL) {
             return NGX_DECLINED;
         }
 
+        value = &r->connection->proxy_protocol->src_addr;
         xfwd = NULL;
 
         break;
@@ -238,7 +237,7 @@ found:
         != NGX_DECLINED)
     {
         if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
-            ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
+            ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
         }
 
         return ngx_http_realip_set_addr(r, &addr);
diff -r 486d2e0b1b6f -r 06b01840bd42 src/http/ngx_http_variables.c
--- a/src/http/ngx_http_variables.c	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/http/ngx_http_variables.c	Mon Oct 21 18:06:19 2019 +0300
@@ -1293,11 +1293,19 @@ static ngx_int_t
 ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
 {
-    v->len = r->connection->proxy_protocol_addr.len;
+    ngx_proxy_protocol_t  *pp;
+
+    pp = r->connection->proxy_protocol;
+    if (pp == NULL) {
+        v->not_found = 1;
+        return NGX_OK;
+    }
+
+    v->len = pp->src_addr.len;
     v->valid = 1;
     v->no_cacheable = 0;
     v->not_found = 0;
-    v->data = r->connection->proxy_protocol_addr.data;
+    v->data = pp->src_addr.data;
 
     return NGX_OK;
 }
@@ -1307,7 +1315,14 @@ static ngx_int_t
 ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
 {
-    ngx_uint_t  port;
+    ngx_uint_t             port;
+    ngx_proxy_protocol_t  *pp;
+
+    pp = r->connection->proxy_protocol;
+    if (pp == NULL) {
+        v->not_found = 1;
+        return NGX_OK;
+    }
 
     v->len = 0;
     v->valid = 1;
@@ -1319,7 +1334,7 @@ ngx_http_variable_proxy_protocol_port(ng
         return NGX_ERROR;
     }
 
-    port = r->connection->proxy_protocol_port;
+    port = pp->src_port;
 
     if (port > 0 && port < 65536) {
         v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
diff -r 486d2e0b1b6f -r 06b01840bd42 src/stream/ngx_stream_realip_module.c
--- a/src/stream/ngx_stream_realip_module.c	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/stream/ngx_stream_realip_module.c	Mon Oct 21 18:06:19 2019 +0300
@@ -108,7 +108,7 @@ ngx_stream_realip_handler(ngx_stream_ses
 
     c = s->connection;
 
-    if (c->proxy_protocol_addr.len == 0) {
+    if (c->proxy_protocol == NULL) {
         return NGX_DECLINED;
     }
 
@@ -116,14 +116,14 @@ ngx_stream_realip_handler(ngx_stream_ses
         return NGX_DECLINED;
     }
 
-    if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data,
-                       c->proxy_protocol_addr.len)
+    if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
+                       c->proxy_protocol->src_addr.len)
         != NGX_OK)
     {
         return NGX_DECLINED;
     }
 
-    ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
+    ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
 
     return ngx_stream_realip_set_addr(s, &addr);
 }
diff -r 486d2e0b1b6f -r 06b01840bd42 src/stream/ngx_stream_variables.c
--- a/src/stream/ngx_stream_variables.c	Thu Oct 24 13:47:28 2019 +0300
+++ b/src/stream/ngx_stream_variables.c	Mon Oct 21 18:06:19 2019 +0300
@@ -557,11 +557,19 @@ static ngx_int_t
 ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s,
     ngx_stream_variable_value_t *v, uintptr_t data)
 {
-    v->len = s->connection->proxy_protocol_addr.len;
+    ngx_proxy_protocol_t  *pp;
+
+    pp = s->connection->proxy_protocol;
+    if (pp == NULL) {
+        v->not_found = 1;
+        return NGX_OK;
+    }
+
+    v->len = pp->src_addr.len;
     v->valid = 1;
     v->no_cacheable = 0;
     v->not_found = 0;
-    v->data = s->connection->proxy_protocol_addr.data;
+    v->data = pp->src_addr.data;
 
     return NGX_OK;
 }
@@ -571,7 +579,14 @@ static ngx_int_t
 ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
     ngx_stream_variable_value_t *v, uintptr_t data)
 {
-    ngx_uint_t  port;
+    ngx_uint_t             port;
+    ngx_proxy_protocol_t  *pp;
+
+    pp = s->connection->proxy_protocol;
+    if (pp == NULL) {
+        v->not_found = 1;
+        return NGX_OK;
+    }
 
     v->len = 0;
     v->valid = 1;
@@ -583,7 +598,7 @@ ngx_stream_variable_proxy_protocol_port(
         return NGX_ERROR;
     }
 
-    port = s->connection->proxy_protocol_port;
+    port = pp->src_port;
 
     if (port > 0 && port < 65536) {
         v->len = ngx_sprintf(v->data, "%ui", port) - v->data;


More information about the nginx-devel mailing list