diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2012-06-04 11:58:12 +0000 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2012-06-04 11:58:12 +0000 |
| commit | 8acd40c4951ca822e2fb4672de9e4f23c6b6a97a (patch) | |
| tree | 4085dcdab5e39ebb470432ff09f15e2f3fa83902 /src/event/ngx_event.c | |
| parent | 21ad7d043686e548f2898b07d1f4083788a28890 (diff) | |
| download | nginx-8acd40c4951ca822e2fb4672de9e4f23c6b6a97a.tar.gz nginx-8acd40c4951ca822e2fb4672de9e4f23c6b6a97a.tar.bz2 | |
Merge of r4614, r4624-r4629, r4631: proxy recursive changes.
*) Added IPv6 and UNIX-domain socket support in "debug_connection"
directive.
*) New function ngx_http_get_forwarded_addr() to look up real client
address.
On input it takes an original address, string in the X-Forwarded-For format
and its length, list of trusted proxies, and a flag indicating to perform
the recursive search. On output it returns NGX_OK and the "deepest" valid
address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6.
Additionally, original address and/or proxy may be specified as AF_UNIX.
*) Realip: chains of trusted proxies and IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "real_ip_recursive"
directive (closes #2). It also gets full IPv6 support (closes #44)
and canonical value of the $client_addr variable on address change.
Example:
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.0/8;
set_real_ip_from ::1;
set_real_ip_from unix:;
real_ip_recursive on;
*) Geo: chains of trusted proxies and partial IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block. It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.
Example:
geo $test {
...
proxy 127.0.0.1;
proxy ::1;
proxy_recursive;
}
There's also a slight change in behavior. When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup. Previously, 255.255.255.255 was
used in this case.
*) Geoip: trusted proxies support and partial IPv6 support.
The module now supports recursive search of client address through the
chain of trusted proxies (closes #100), in the same scope as the geo
module. Proxies are listed by the "geoip_proxy" directive, recursive
search is enabled by the "geoip_proxy_recursive" directive. IPv6 is
partially supported: proxies may be specified with IPv6 addresses.
Example:
geoip_country .../GeoIP.dat;
geoip_proxy 127.0.0.1;
geoip_proxy ::1;
geoip_proxy 10.0.0.0/8;
geoip_proxy_recursive on;
Diffstat (limited to 'src/event/ngx_event.c')
| -rw-r--r-- | src/event/ngx_event.c | 39 |
1 files changed, 18 insertions, 21 deletions
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index a0a9d743b..c584dd87d 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -1064,38 +1064,34 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) ngx_int_t rc; ngx_str_t *value; - ngx_event_debug_t *dc; struct hostent *h; - ngx_cidr_t cidr; + ngx_cidr_t *cidr; value = cf->args->elts; - dc = ngx_array_push(&ecf->debug_connection); - if (dc == NULL) { + cidr = ngx_array_push(&ecf->debug_connection); + if (cidr == NULL) { return NGX_CONF_ERROR; } - rc = ngx_ptocidr(&value[1], &cidr); +#if (NGX_HAVE_UNIX_DOMAIN) + + if (ngx_strcmp(value[1].data, "unix:") == 0) { + cidr->family = AF_UNIX; + return NGX_CONF_OK; + } + +#endif + + rc = ngx_ptocidr(&value[1], cidr); if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); - rc = NGX_OK; + return NGX_CONF_OK; } if (rc == NGX_OK) { - - /* AF_INET only */ - - if (cidr.family != AF_INET) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "\"debug_connection\" supports IPv4 only"); - return NGX_CONF_ERROR; - } - - dc->mask = cidr.u.in.mask; - dc->addr = cidr.u.in.addr; - return NGX_CONF_OK; } @@ -1107,8 +1103,9 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) return NGX_CONF_ERROR; } - dc->mask = 0xffffffff; - dc->addr = *(in_addr_t *)(h->h_addr_list[0]); + cidr->family = AF_INET; + cidr->u.in.mask = 0xffffffff; + cidr->u.in.addr = *(in_addr_t *)(h->h_addr_list[0]); #else @@ -1142,7 +1139,7 @@ ngx_event_core_create_conf(ngx_cycle_t *cycle) #if (NGX_DEBUG) if (ngx_array_init(&ecf->debug_connection, cycle->pool, 4, - sizeof(ngx_event_debug_t)) == NGX_ERROR) + sizeof(ngx_cidr_t)) == NGX_ERROR) { return NULL; } |