NGINX R19 Javascript bug with keyval maps

j94305 nginx-forum at forum.nginx.org
Wed Sep 4 02:51:55 UTC 2019 

The new R19 introduces "type=ip" keyval maps.

Posting IP addresses (e.g., 1.2.3.4) seems to work from both, the API 5 REST
calls and from Javascript, except IPv6 addresses are not accepted.

Posting CIDR blocks (e.g., 1.2.3.0/24) works fine via the API 5 REST calls
but not via Javascript. CIDR entries will not show up in the map at all.

I am trying to feed a banlist into a map which used to be a "geo" directive.
This is done by a Javascript function because deleting the map and uploading
it again would cause a time of the map being empty.
Consistently, all CIDR ranges fail.

My keyval map definition:

    keyval_zone			zone=banned:32m timeout=7d type=ip sync
state=/var/run/nginx/state/banned.json;
    keyval			$custom_addr	$map_bannedIP zone=banned;

As the placement of regular IP addresses also failed after a while, I tested
the function with this Javascript test handler set up as js_content handler
for a location:

function admin_mapBanned(r) {
    var v = r.variables;
    var here = "adminMapBanned";

    var n = 0;
    for (var a = 1; a < 240; a++) {
	for (var b = 1; b < 255; b++) {
	    for (var c = 1; c < 255; c++) {
		for (var d = 1; d < 255; d++) {
		    n++;
		    var addr = "" + a + "." + b + "." + c + "." + d;
		    v.custom_addr = addr;
		    v.map_bannedIP = "1";
		    r.log("bannedIP[" + n + "]: " + addr + " => " + v.map_bannedIP);
		    if (!v.map_bannedIP) {
			r.return(200);
			return;
		    }
		}
	    }
	}
    }
}

The results with different keyval zone sizes:
- 1m => 2964 entries
- 2m => 6000 entries
- 4m => 12032 entries
- 8m => 24128 entries
- 16m => 48304 entries
- 32m => 96704 entries

In consequence, this means a keyval map uses almost 350 bytes to store an IP
address and the value of "1". Wow! I would have expected this to be much
lower in memory consumption. Anyway, knowing this, I can at least reliably
feed IPv4 addresses now.

Please fix the Javascript issue with IPv6 and CIDR notations.

Thanks!
--j.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285542,285542#msg-285542

More information about the nginx mailing list