[nginx] Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan
arut at nginx.com
Thu Oct 24 10:55:26 UTC 2019
details: https://hg.nginx.org/nginx/rev/06b01840bd42
branches:
changeset: 7590:06b01840bd42
user: Roman Arutyunyan <arut at nginx.com>
date: Mon Oct 21 18:06:19 2019 +0300
description:
Core: moved PROXY protocol fields out of ngx_connection_t.
Now a new structure ngx_proxy_protocol_t holds these fields. This allows
to add more PROXY protocol fields in the future without modifying the
connection structure.
diffstat:
src/core/ngx_connection.h | 3 +-
src/core/ngx_core.h | 1 +
src/core/ngx_proxy_protocol.c | 57 +++++++++++++++++++-----------
src/core/ngx_proxy_protocol.h | 6 +++
src/http/modules/ngx_http_realip_module.c | 7 +--
src/http/ngx_http_variables.c | 23 ++++++++++--
src/stream/ngx_stream_realip_module.c | 8 ++--
src/stream/ngx_stream_variables.c | 23 ++++++++++--
8 files changed, 89 insertions(+), 39 deletions(-)
diffs (328 lines):
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_connection.h
--- a/src/core/ngx_connection.h Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_connection.h Mon Oct 21 18:06:19 2019 +0300
@@ -147,8 +147,7 @@ struct ngx_connection_s {
socklen_t socklen;
ngx_str_t addr_text;
- ngx_str_t proxy_protocol_addr;
- in_port_t proxy_protocol_port;
+ ngx_proxy_protocol_t *proxy_protocol;
#if (NGX_SSL || NGX_COMPAT)
ngx_ssl_connection_t *ssl;
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_core.h
--- a/src/core/ngx_core.h Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_core.h Mon Oct 21 18:06:19 2019 +0300
@@ -26,6 +26,7 @@ typedef struct ngx_event_aio_s ngx
typedef struct ngx_connection_s ngx_connection_t;
typedef struct ngx_thread_task_s ngx_thread_task_t;
typedef struct ngx_ssl_s ngx_ssl_t;
+typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
typedef struct ngx_udp_connection_s ngx_udp_connection_t;
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_proxy_protocol.c
--- a/src/core/ngx_proxy_protocol.c Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_proxy_protocol.c Mon Oct 21 18:06:19 2019 +0300
@@ -47,9 +47,10 @@ static u_char *ngx_proxy_protocol_v2_rea
u_char *
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
{
- size_t len;
- u_char ch, *p, *addr, *port;
- ngx_int_t n;
+ size_t len;
+ u_char ch, *p, *addr, *port;
+ ngx_int_t n;
+ ngx_proxy_protocol_t *pp;
static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
@@ -105,15 +106,20 @@ ngx_proxy_protocol_read(ngx_connection_t
}
}
- len = p - addr - 1;
- c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len);
-
- if (c->proxy_protocol_addr.data == NULL) {
+ pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
+ if (pp == NULL) {
return NULL;
}
- ngx_memcpy(c->proxy_protocol_addr.data, addr, len);
- c->proxy_protocol_addr.len = len;
+ len = p - addr - 1;
+
+ pp->src_addr.data = ngx_pnalloc(c->pool, len);
+ if (pp->src_addr.data == NULL) {
+ return NULL;
+ }
+
+ ngx_memcpy(pp->src_addr.data, addr, len);
+ pp->src_addr.len = len;
for ( ;; ) {
if (p == last) {
@@ -145,11 +151,13 @@ ngx_proxy_protocol_read(ngx_connection_t
goto invalid;
}
- c->proxy_protocol_port = (in_port_t) n;
+ pp->src_port = (in_port_t) n;
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol address: %V %d", &c->proxy_protocol_addr,
- c->proxy_protocol_port);
+ "PROXY protocol address: %V %d", &pp->src_addr,
+ pp->src_port);
+
+ c->proxy_protocol = pp;
skip:
@@ -220,6 +228,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio
socklen_t socklen;
ngx_uint_t version, command, family, transport;
ngx_sockaddr_t sockaddr;
+ ngx_proxy_protocol_t *pp;
ngx_proxy_protocol_header_t *header;
ngx_proxy_protocol_inet_addrs_t *in;
#if (NGX_HAVE_INET6)
@@ -266,6 +275,11 @@ ngx_proxy_protocol_v2_read(ngx_connectio
return end;
}
+ pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
+ if (pp == NULL) {
+ return NULL;
+ }
+
family = header->family_transport >> 4;
switch (family) {
@@ -282,7 +296,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio
sockaddr.sockaddr_in.sin_port = 0;
memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
- c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port);
+ pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
socklen = sizeof(struct sockaddr_in);
@@ -304,7 +318,7 @@ ngx_proxy_protocol_v2_read(ngx_connectio
sockaddr.sockaddr_in6.sin6_port = 0;
memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
- c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
+ pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
socklen = sizeof(struct sockaddr_in6);
@@ -321,23 +335,24 @@ ngx_proxy_protocol_v2_read(ngx_connectio
return end;
}
- c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
- if (c->proxy_protocol_addr.data == NULL) {
+ pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
+ if (pp->src_addr.data == NULL) {
return NULL;
}
- c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
- c->proxy_protocol_addr.data,
- NGX_SOCKADDR_STRLEN, 0);
+ pp->src_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
+ pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0);
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
- c->proxy_protocol_port);
+ "PROXY protocol v2 address: %V %d", &pp->src_addr,
+ pp->src_port);
if (buf < end) {
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
"PROXY protocol v2 %z bytes of tlv ignored", end - buf);
}
+ c->proxy_protocol = pp;
+
return end;
}
diff -r 486d2e0b1b6f -r 06b01840bd42 src/core/ngx_proxy_protocol.h
--- a/src/core/ngx_proxy_protocol.h Thu Oct 24 13:47:28 2019 +0300
+++ b/src/core/ngx_proxy_protocol.h Mon Oct 21 18:06:19 2019 +0300
@@ -16,6 +16,12 @@
#define NGX_PROXY_PROTOCOL_MAX_HEADER 107
+struct ngx_proxy_protocol_s {
+ ngx_str_t src_addr;
+ in_port_t src_port;
+};
+
+
u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
u_char *last);
u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,
diff -r 486d2e0b1b6f -r 06b01840bd42 src/http/modules/ngx_http_realip_module.c
--- a/src/http/modules/ngx_http_realip_module.c Thu Oct 24 13:47:28 2019 +0300
+++ b/src/http/modules/ngx_http_realip_module.c Mon Oct 21 18:06:19 2019 +0300
@@ -180,12 +180,11 @@ ngx_http_realip_handler(ngx_http_request
case NGX_HTTP_REALIP_PROXY:
- value = &r->connection->proxy_protocol_addr;
-
- if (value->len == 0) {
+ if (r->connection->proxy_protocol == NULL) {
return NGX_DECLINED;
}
+ value = &r->connection->proxy_protocol->src_addr;
xfwd = NULL;
break;
@@ -238,7 +237,7 @@ found:
!= NGX_DECLINED)
{
if (rlcf->type == NGX_HTTP_REALIP_PROXY) {
- ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
+ ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
}
return ngx_http_realip_set_addr(r, &addr);
diff -r 486d2e0b1b6f -r 06b01840bd42 src/http/ngx_http_variables.c
--- a/src/http/ngx_http_variables.c Thu Oct 24 13:47:28 2019 +0300
+++ b/src/http/ngx_http_variables.c Mon Oct 21 18:06:19 2019 +0300
@@ -1293,11 +1293,19 @@ static ngx_int_t
ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
- v->len = r->connection->proxy_protocol_addr.len;
+ ngx_proxy_protocol_t *pp;
+
+ pp = r->connection->proxy_protocol;
+ if (pp == NULL) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ v->len = pp->src_addr.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
- v->data = r->connection->proxy_protocol_addr.data;
+ v->data = pp->src_addr.data;
return NGX_OK;
}
@@ -1307,7 +1315,14 @@ static ngx_int_t
ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
- ngx_uint_t port;
+ ngx_uint_t port;
+ ngx_proxy_protocol_t *pp;
+
+ pp = r->connection->proxy_protocol;
+ if (pp == NULL) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
v->len = 0;
v->valid = 1;
@@ -1319,7 +1334,7 @@ ngx_http_variable_proxy_protocol_port(ng
return NGX_ERROR;
}
- port = r->connection->proxy_protocol_port;
+ port = pp->src_port;
if (port > 0 && port < 65536) {
v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
diff -r 486d2e0b1b6f -r 06b01840bd42 src/stream/ngx_stream_realip_module.c
--- a/src/stream/ngx_stream_realip_module.c Thu Oct 24 13:47:28 2019 +0300
+++ b/src/stream/ngx_stream_realip_module.c Mon Oct 21 18:06:19 2019 +0300
@@ -108,7 +108,7 @@ ngx_stream_realip_handler(ngx_stream_ses
c = s->connection;
- if (c->proxy_protocol_addr.len == 0) {
+ if (c->proxy_protocol == NULL) {
return NGX_DECLINED;
}
@@ -116,14 +116,14 @@ ngx_stream_realip_handler(ngx_stream_ses
return NGX_DECLINED;
}
- if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol_addr.data,
- c->proxy_protocol_addr.len)
+ if (ngx_parse_addr(c->pool, &addr, c->proxy_protocol->src_addr.data,
+ c->proxy_protocol->src_addr.len)
!= NGX_OK)
{
return NGX_DECLINED;
}
- ngx_inet_set_port(addr.sockaddr, c->proxy_protocol_port);
+ ngx_inet_set_port(addr.sockaddr, c->proxy_protocol->src_port);
return ngx_stream_realip_set_addr(s, &addr);
}
diff -r 486d2e0b1b6f -r 06b01840bd42 src/stream/ngx_stream_variables.c
--- a/src/stream/ngx_stream_variables.c Thu Oct 24 13:47:28 2019 +0300
+++ b/src/stream/ngx_stream_variables.c Mon Oct 21 18:06:19 2019 +0300
@@ -557,11 +557,19 @@ static ngx_int_t
ngx_stream_variable_proxy_protocol_addr(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data)
{
- v->len = s->connection->proxy_protocol_addr.len;
+ ngx_proxy_protocol_t *pp;
+
+ pp = s->connection->proxy_protocol;
+ if (pp == NULL) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ v->len = pp->src_addr.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
- v->data = s->connection->proxy_protocol_addr.data;
+ v->data = pp->src_addr.data;
return NGX_OK;
}
@@ -571,7 +579,14 @@ static ngx_int_t
ngx_stream_variable_proxy_protocol_port(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data)
{
- ngx_uint_t port;
+ ngx_uint_t port;
+ ngx_proxy_protocol_t *pp;
+
+ pp = s->connection->proxy_protocol;
+ if (pp == NULL) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
v->len = 0;
v->valid = 1;
@@ -583,7 +598,7 @@ ngx_stream_variable_proxy_protocol_port(
return NGX_ERROR;
}
- port = s->connection->proxy_protocol_port;
+ port = pp->src_port;
if (port > 0 && port < 65536) {
v->len = ngx_sprintf(v->data, "%ui", port) - v->data;
More information about the nginx-devel
mailing list