nginxtra 1.8.1.12 → 1.10.1.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (238) hide show
  1. checksums.yaml +4 -4
  2. data/bin/nginxtra +1 -1
  3. data/bin/nginxtra_rails +1 -1
  4. data/lib/nginxtra/version.rb +1 -1
  5. data/vendor/nginx/CHANGES +363 -25
  6. data/vendor/nginx/CHANGES.ru +365 -21
  7. data/vendor/nginx/LICENSE +2 -2
  8. data/vendor/nginx/auto/cc/conf +32 -0
  9. data/vendor/nginx/auto/cc/gcc +1 -1
  10. data/vendor/nginx/auto/cc/icc +2 -2
  11. data/vendor/nginx/auto/cc/msvc +29 -8
  12. data/vendor/nginx/auto/cc/name +2 -25
  13. data/vendor/nginx/auto/cc/sunc +3 -0
  14. data/vendor/nginx/auto/endianness +7 -2
  15. data/vendor/nginx/auto/install +60 -26
  16. data/vendor/nginx/auto/lib/conf +4 -4
  17. data/vendor/nginx/auto/lib/geoip/conf +6 -1
  18. data/vendor/nginx/auto/lib/libgd/conf +6 -1
  19. data/vendor/nginx/auto/lib/libxslt/conf +11 -2
  20. data/vendor/nginx/auto/lib/make +1 -1
  21. data/vendor/nginx/auto/lib/md5/conf +2 -2
  22. data/vendor/nginx/auto/lib/md5/make +2 -2
  23. data/vendor/nginx/auto/lib/openssl/conf +52 -3
  24. data/vendor/nginx/auto/lib/openssl/make +1 -1
  25. data/vendor/nginx/auto/lib/pcre/conf +2 -2
  26. data/vendor/nginx/auto/lib/pcre/make +2 -2
  27. data/vendor/nginx/auto/lib/perl/conf +6 -3
  28. data/vendor/nginx/auto/lib/perl/make +4 -1
  29. data/vendor/nginx/auto/lib/sha1/conf +2 -2
  30. data/vendor/nginx/auto/lib/sha1/make +2 -2
  31. data/vendor/nginx/auto/lib/zlib/conf +2 -2
  32. data/vendor/nginx/auto/lib/zlib/make +2 -2
  33. data/vendor/nginx/auto/make +281 -16
  34. data/vendor/nginx/auto/module +122 -0
  35. data/vendor/nginx/auto/modules +909 -178
  36. data/vendor/nginx/auto/options +81 -19
  37. data/vendor/nginx/auto/os/conf +9 -0
  38. data/vendor/nginx/auto/os/darwin +3 -0
  39. data/vendor/nginx/auto/os/freebsd +0 -20
  40. data/vendor/nginx/auto/os/linux +0 -12
  41. data/vendor/nginx/auto/os/win32 +5 -1
  42. data/vendor/nginx/auto/sources +11 -311
  43. data/vendor/nginx/auto/summary +1 -0
  44. data/vendor/nginx/auto/types/sizeof +5 -3
  45. data/vendor/nginx/auto/types/typedef +9 -4
  46. data/vendor/nginx/auto/types/uintptr_t +7 -2
  47. data/vendor/nginx/auto/unix +72 -12
  48. data/vendor/nginx/conf/fastcgi.conf +1 -0
  49. data/vendor/nginx/conf/fastcgi_params +1 -0
  50. data/vendor/nginx/conf/scgi_params +1 -0
  51. data/vendor/nginx/conf/uwsgi_params +1 -0
  52. data/vendor/nginx/configure +1 -1
  53. data/vendor/nginx/contrib/vim/syntax/nginx.vim +2 -2
  54. data/vendor/nginx/man/nginx.8 +6 -2
  55. data/vendor/nginx/src/core/nginx.c +281 -114
  56. data/vendor/nginx/src/core/nginx.h +2 -2
  57. data/vendor/nginx/src/core/ngx_conf_file.c +54 -13
  58. data/vendor/nginx/src/core/ngx_conf_file.h +8 -52
  59. data/vendor/nginx/src/core/ngx_config.h +0 -5
  60. data/vendor/nginx/src/core/ngx_connection.c +270 -37
  61. data/vendor/nginx/src/core/ngx_connection.h +35 -12
  62. data/vendor/nginx/src/core/ngx_core.h +4 -0
  63. data/vendor/nginx/src/core/ngx_crypt.c +2 -2
  64. data/vendor/nginx/src/core/ngx_cycle.c +72 -25
  65. data/vendor/nginx/src/core/ngx_cycle.h +28 -39
  66. data/vendor/nginx/src/core/ngx_file.c +14 -5
  67. data/vendor/nginx/src/core/ngx_file.h +2 -0
  68. data/vendor/nginx/src/core/ngx_hash.c +13 -1
  69. data/vendor/nginx/src/core/ngx_inet.c +20 -18
  70. data/vendor/nginx/src/core/ngx_log.c +12 -12
  71. data/vendor/nginx/src/core/ngx_log.h +13 -6
  72. data/vendor/nginx/src/core/ngx_module.c +360 -0
  73. data/vendor/nginx/src/core/ngx_module.h +307 -0
  74. data/vendor/nginx/src/core/ngx_open_file_cache.c +2 -2
  75. data/vendor/nginx/src/core/ngx_output_chain.c +8 -4
  76. data/vendor/nginx/src/core/ngx_palloc.c +42 -44
  77. data/vendor/nginx/src/{http/ngx_http_parse_time.c → core/ngx_parse_time.c} +2 -3
  78. data/vendor/nginx/src/core/ngx_parse_time.h +22 -0
  79. data/vendor/nginx/src/core/ngx_proxy_protocol.c +50 -1
  80. data/vendor/nginx/src/core/ngx_proxy_protocol.h +3 -1
  81. data/vendor/nginx/src/core/ngx_regex.c +1 -38
  82. data/vendor/nginx/src/core/ngx_resolver.c +1814 -320
  83. data/vendor/nginx/src/core/ngx_resolver.h +67 -10
  84. data/vendor/nginx/src/core/ngx_rwlock.c +120 -0
  85. data/vendor/nginx/src/core/ngx_rwlock.h +21 -0
  86. data/vendor/nginx/src/core/ngx_slab.c +6 -5
  87. data/vendor/nginx/src/core/ngx_string.c +1 -1
  88. data/vendor/nginx/src/core/ngx_syslog.c +11 -3
  89. data/vendor/nginx/src/core/ngx_syslog.h +2 -1
  90. data/vendor/nginx/src/core/ngx_thread_pool.c +4 -0
  91. data/vendor/nginx/src/core/ngx_times.c +2 -2
  92. data/vendor/nginx/src/event/modules/ngx_devpoll_module.c +3 -1
  93. data/vendor/nginx/src/event/modules/ngx_epoll_module.c +5 -2
  94. data/vendor/nginx/src/event/modules/ngx_eventport_module.c +5 -5
  95. data/vendor/nginx/src/event/modules/ngx_kqueue_module.c +15 -8
  96. data/vendor/nginx/src/event/modules/ngx_poll_module.c +0 -10
  97. data/vendor/nginx/src/event/modules/ngx_select_module.c +0 -10
  98. data/vendor/nginx/src/event/ngx_event.c +60 -103
  99. data/vendor/nginx/src/event/ngx_event.h +22 -26
  100. data/vendor/nginx/src/event/ngx_event_accept.c +414 -88
  101. data/vendor/nginx/src/event/ngx_event_connect.c +27 -18
  102. data/vendor/nginx/src/event/ngx_event_connect.h +1 -0
  103. data/vendor/nginx/src/event/ngx_event_openssl.c +65 -25
  104. data/vendor/nginx/src/event/ngx_event_openssl.h +17 -0
  105. data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +73 -7
  106. data/vendor/nginx/src/event/ngx_event_pipe.c +85 -27
  107. data/vendor/nginx/src/event/ngx_event_pipe.h +10 -0
  108. data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c +1 -1
  109. data/vendor/nginx/src/http/modules/ngx_http_auth_request_module.c +2 -2
  110. data/vendor/nginx/src/http/modules/ngx_http_chunked_filter_module.c +2 -2
  111. data/vendor/nginx/src/http/modules/ngx_http_dav_module.c +6 -6
  112. data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +17 -11
  113. data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +2 -2
  114. data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +9 -9
  115. data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +2 -2
  116. data/vendor/nginx/src/http/modules/ngx_http_limit_conn_module.c +2 -2
  117. data/vendor/nginx/src/http/modules/ngx_http_limit_req_module.c +0 -7
  118. data/vendor/nginx/src/http/modules/ngx_http_map_module.c +6 -6
  119. data/vendor/nginx/src/http/modules/ngx_http_memcached_module.c +2 -1
  120. data/vendor/nginx/src/http/modules/ngx_http_mp4_module.c +13 -13
  121. data/vendor/nginx/src/http/modules/ngx_http_not_modified_filter_module.c +2 -2
  122. data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +26 -21
  123. data/vendor/nginx/src/http/modules/ngx_http_random_index_module.c +1 -1
  124. data/vendor/nginx/src/http/modules/ngx_http_range_filter_module.c +26 -8
  125. data/vendor/nginx/src/http/modules/ngx_http_realip_module.c +73 -3
  126. data/vendor/nginx/src/http/modules/ngx_http_referer_module.c +1 -1
  127. data/vendor/nginx/src/http/modules/ngx_http_rewrite_module.c +6 -6
  128. data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +5 -3
  129. data/vendor/nginx/src/http/modules/ngx_http_slice_filter_module.c +526 -0
  130. data/vendor/nginx/src/http/modules/ngx_http_ssi_filter_module.c +7 -7
  131. data/vendor/nginx/src/http/modules/ngx_http_ssl_module.c +19 -16
  132. data/vendor/nginx/src/http/modules/ngx_http_static_module.c +1 -1
  133. data/vendor/nginx/src/http/modules/ngx_http_stub_status_module.c +1 -1
  134. data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +373 -173
  135. data/vendor/nginx/src/http/modules/ngx_http_upstream_hash_module.c +72 -46
  136. data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c +18 -30
  137. data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +50 -39
  138. data/vendor/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c +38 -129
  139. data/vendor/nginx/src/http/modules/ngx_http_upstream_zone_module.c +246 -0
  140. data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +6 -5
  141. data/vendor/nginx/src/http/modules/perl/nginx.xs +9 -9
  142. data/vendor/nginx/src/http/ngx_http.c +46 -43
  143. data/vendor/nginx/src/http/ngx_http.h +4 -9
  144. data/vendor/nginx/src/http/ngx_http_cache.h +4 -0
  145. data/vendor/nginx/src/http/ngx_http_copy_filter_module.c +13 -5
  146. data/vendor/nginx/src/http/ngx_http_core_module.c +92 -91
  147. data/vendor/nginx/src/http/ngx_http_core_module.h +12 -8
  148. data/vendor/nginx/src/http/ngx_http_file_cache.c +61 -10
  149. data/vendor/nginx/src/http/ngx_http_request.c +37 -50
  150. data/vendor/nginx/src/http/ngx_http_request.h +10 -15
  151. data/vendor/nginx/src/http/ngx_http_request_body.c +64 -88
  152. data/vendor/nginx/src/http/ngx_http_script.c +3 -3
  153. data/vendor/nginx/src/http/ngx_http_special_response.c +1 -4
  154. data/vendor/nginx/src/http/ngx_http_upstream.c +245 -109
  155. data/vendor/nginx/src/http/ngx_http_upstream.h +11 -5
  156. data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +212 -65
  157. data/vendor/nginx/src/http/ngx_http_upstream_round_robin.h +66 -5
  158. data/vendor/nginx/src/http/ngx_http_variables.c +28 -15
  159. data/vendor/nginx/src/http/ngx_http_write_filter_module.c +1 -1
  160. data/vendor/nginx/src/http/v2/ngx_http_v2.c +4349 -0
  161. data/vendor/nginx/src/http/v2/ngx_http_v2.h +337 -0
  162. data/vendor/nginx/src/http/v2/ngx_http_v2_filter_module.c +1391 -0
  163. data/vendor/nginx/src/http/v2/ngx_http_v2_huff_decode.c +2714 -0
  164. data/vendor/nginx/src/http/v2/ngx_http_v2_huff_encode.c +254 -0
  165. data/vendor/nginx/src/http/v2/ngx_http_v2_module.c +469 -0
  166. data/vendor/nginx/src/http/{ngx_http_spdy_module.h → v2/ngx_http_v2_module.h} +10 -9
  167. data/vendor/nginx/src/http/v2/ngx_http_v2_table.c +349 -0
  168. data/vendor/nginx/src/mail/ngx_mail.c +49 -82
  169. data/vendor/nginx/src/mail/ngx_mail.h +16 -23
  170. data/vendor/nginx/src/mail/ngx_mail_auth_http_module.c +1 -1
  171. data/vendor/nginx/src/mail/ngx_mail_core_module.c +60 -34
  172. data/vendor/nginx/src/mail/ngx_mail_handler.c +17 -12
  173. data/vendor/nginx/src/mail/ngx_mail_proxy_module.c +1 -14
  174. data/vendor/nginx/src/mail/ngx_mail_smtp_handler.c +1 -1
  175. data/vendor/nginx/src/mail/ngx_mail_ssl_module.c +5 -5
  176. data/vendor/nginx/src/os/unix/ngx_atomic.h +10 -10
  177. data/vendor/nginx/src/os/unix/ngx_channel.h +4 -4
  178. data/vendor/nginx/src/os/unix/ngx_darwin_config.h +2 -0
  179. data/vendor/nginx/src/os/unix/ngx_darwin_init.c +1 -0
  180. data/vendor/nginx/src/os/unix/ngx_dlopen.c +28 -0
  181. data/vendor/nginx/src/os/unix/ngx_dlopen.h +31 -0
  182. data/vendor/nginx/src/os/unix/ngx_errno.h +1 -0
  183. data/vendor/nginx/src/os/unix/ngx_file_aio_read.c +1 -1
  184. data/vendor/nginx/src/os/unix/ngx_files.c +313 -80
  185. data/vendor/nginx/src/os/unix/ngx_files.h +5 -2
  186. data/vendor/nginx/src/os/unix/ngx_freebsd_config.h +3 -1
  187. data/vendor/nginx/src/os/unix/ngx_freebsd_init.c +1 -0
  188. data/vendor/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c +13 -0
  189. data/vendor/nginx/src/os/unix/ngx_linux.h +0 -2
  190. data/vendor/nginx/src/os/unix/ngx_linux_aio_read.c +1 -1
  191. data/vendor/nginx/src/os/unix/ngx_linux_config.h +2 -6
  192. data/vendor/nginx/src/os/unix/ngx_linux_init.c +1 -33
  193. data/vendor/nginx/src/os/unix/ngx_linux_sendfile_chain.c +55 -12
  194. data/vendor/nginx/src/os/unix/ngx_os.h +3 -9
  195. data/vendor/nginx/src/os/unix/ngx_posix_config.h +14 -1
  196. data/vendor/nginx/src/os/unix/ngx_posix_init.c +2 -1
  197. data/vendor/nginx/src/os/unix/ngx_process.c +1 -1
  198. data/vendor/nginx/src/os/unix/ngx_process_cycle.c +25 -51
  199. data/vendor/nginx/src/os/unix/ngx_process_cycle.h +1 -0
  200. data/vendor/nginx/src/os/unix/ngx_readv_chain.c +24 -28
  201. data/vendor/nginx/src/os/unix/ngx_recv.c +30 -79
  202. data/vendor/nginx/src/os/unix/ngx_send.c +1 -1
  203. data/vendor/nginx/src/os/unix/ngx_setaffinity.c +14 -30
  204. data/vendor/nginx/src/os/unix/ngx_setaffinity.h +15 -1
  205. data/vendor/nginx/src/os/unix/ngx_solaris_config.h +2 -0
  206. data/vendor/nginx/src/os/unix/ngx_solaris_init.c +1 -0
  207. data/vendor/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c +23 -0
  208. data/vendor/nginx/src/os/unix/ngx_sunpro_amd64.il +3 -3
  209. data/vendor/nginx/src/os/unix/ngx_sunpro_x86.il +3 -3
  210. data/vendor/nginx/src/os/unix/ngx_udp_recv.c +5 -48
  211. data/vendor/nginx/src/os/unix/ngx_udp_send.c +56 -0
  212. data/vendor/nginx/src/stream/ngx_stream.c +564 -0
  213. data/vendor/nginx/src/stream/ngx_stream.h +212 -0
  214. data/vendor/nginx/src/stream/ngx_stream_access_module.c +451 -0
  215. data/vendor/nginx/src/stream/ngx_stream_core_module.c +562 -0
  216. data/vendor/nginx/src/stream/ngx_stream_handler.c +344 -0
  217. data/vendor/nginx/src/stream/ngx_stream_limit_conn_module.c +632 -0
  218. data/vendor/nginx/src/stream/ngx_stream_proxy_module.c +1674 -0
  219. data/vendor/nginx/src/stream/ngx_stream_ssl_module.c +460 -0
  220. data/vendor/nginx/src/stream/ngx_stream_ssl_module.h +49 -0
  221. data/vendor/nginx/src/stream/ngx_stream_upstream.c +464 -0
  222. data/vendor/nginx/src/stream/ngx_stream_upstream.h +107 -0
  223. data/vendor/nginx/src/stream/ngx_stream_upstream_hash_module.c +656 -0
  224. data/vendor/nginx/src/stream/ngx_stream_upstream_least_conn_module.c +307 -0
  225. data/vendor/nginx/src/stream/ngx_stream_upstream_round_robin.c +702 -0
  226. data/vendor/nginx/src/stream/ngx_stream_upstream_round_robin.h +139 -0
  227. data/vendor/nginx/src/stream/ngx_stream_upstream_zone_module.c +242 -0
  228. metadata +39 -15
  229. data/vendor/nginx/src/event/modules/ngx_aio_module.c +0 -171
  230. data/vendor/nginx/src/event/modules/ngx_rtsig_module.c +0 -735
  231. data/vendor/nginx/src/http/ngx_http_spdy.c +0 -3701
  232. data/vendor/nginx/src/http/ngx_http_spdy.h +0 -261
  233. data/vendor/nginx/src/http/ngx_http_spdy_filter_module.c +0 -1222
  234. data/vendor/nginx/src/http/ngx_http_spdy_module.c +0 -408
  235. data/vendor/nginx/src/os/unix/ngx_aio_read.c +0 -109
  236. data/vendor/nginx/src/os/unix/ngx_aio_read_chain.c +0 -78
  237. data/vendor/nginx/src/os/unix/ngx_aio_write.c +0 -109
  238. data/vendor/nginx/src/os/unix/ngx_aio_write_chain.c +0 -100
@@ -0,0 +1,212 @@
1
+
2
+ /*
3
+ * Copyright (C) Roman Arutyunyan
4
+ * Copyright (C) Nginx, Inc.
5
+ */
6
+
7
+
8
+ #ifndef _NGX_STREAM_H_INCLUDED_
9
+ #define _NGX_STREAM_H_INCLUDED_
10
+
11
+
12
+ #include <ngx_config.h>
13
+ #include <ngx_core.h>
14
+
15
+ #if (NGX_STREAM_SSL)
16
+ #include <ngx_stream_ssl_module.h>
17
+ #endif
18
+
19
+
20
+ typedef struct ngx_stream_session_s ngx_stream_session_t;
21
+
22
+
23
+ #include <ngx_stream_upstream.h>
24
+ #include <ngx_stream_upstream_round_robin.h>
25
+
26
+
27
+ typedef struct {
28
+ void **main_conf;
29
+ void **srv_conf;
30
+ } ngx_stream_conf_ctx_t;
31
+
32
+
33
+ typedef struct {
34
+ union {
35
+ struct sockaddr sockaddr;
36
+ struct sockaddr_in sockaddr_in;
37
+ #if (NGX_HAVE_INET6)
38
+ struct sockaddr_in6 sockaddr_in6;
39
+ #endif
40
+ #if (NGX_HAVE_UNIX_DOMAIN)
41
+ struct sockaddr_un sockaddr_un;
42
+ #endif
43
+ u_char sockaddr_data[NGX_SOCKADDRLEN];
44
+ } u;
45
+
46
+ socklen_t socklen;
47
+
48
+ /* server ctx */
49
+ ngx_stream_conf_ctx_t *ctx;
50
+
51
+ unsigned bind:1;
52
+ unsigned wildcard:1;
53
+ #if (NGX_STREAM_SSL)
54
+ unsigned ssl:1;
55
+ #endif
56
+ #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
57
+ unsigned ipv6only:1;
58
+ #endif
59
+ #if (NGX_HAVE_REUSEPORT)
60
+ unsigned reuseport:1;
61
+ #endif
62
+ unsigned so_keepalive:2;
63
+ #if (NGX_HAVE_KEEPALIVE_TUNABLE)
64
+ int tcp_keepidle;
65
+ int tcp_keepintvl;
66
+ int tcp_keepcnt;
67
+ #endif
68
+ int backlog;
69
+ int type;
70
+ } ngx_stream_listen_t;
71
+
72
+
73
+ typedef struct {
74
+ ngx_stream_conf_ctx_t *ctx;
75
+ ngx_str_t addr_text;
76
+ #if (NGX_STREAM_SSL)
77
+ ngx_uint_t ssl; /* unsigned ssl:1; */
78
+ #endif
79
+ } ngx_stream_addr_conf_t;
80
+
81
+ typedef struct {
82
+ in_addr_t addr;
83
+ ngx_stream_addr_conf_t conf;
84
+ } ngx_stream_in_addr_t;
85
+
86
+
87
+ #if (NGX_HAVE_INET6)
88
+
89
+ typedef struct {
90
+ struct in6_addr addr6;
91
+ ngx_stream_addr_conf_t conf;
92
+ } ngx_stream_in6_addr_t;
93
+
94
+ #endif
95
+
96
+
97
+ typedef struct {
98
+ /* ngx_stream_in_addr_t or ngx_stream_in6_addr_t */
99
+ void *addrs;
100
+ ngx_uint_t naddrs;
101
+ } ngx_stream_port_t;
102
+
103
+
104
+ typedef struct {
105
+ int family;
106
+ int type;
107
+ in_port_t port;
108
+ ngx_array_t addrs; /* array of ngx_stream_conf_addr_t */
109
+ } ngx_stream_conf_port_t;
110
+
111
+
112
+ typedef struct {
113
+ ngx_stream_listen_t opt;
114
+ } ngx_stream_conf_addr_t;
115
+
116
+
117
+ typedef ngx_int_t (*ngx_stream_access_pt)(ngx_stream_session_t *s);
118
+
119
+
120
+ typedef struct {
121
+ ngx_array_t servers; /* ngx_stream_core_srv_conf_t */
122
+ ngx_array_t listen; /* ngx_stream_listen_t */
123
+ ngx_stream_access_pt limit_conn_handler;
124
+ ngx_stream_access_pt access_handler;
125
+ } ngx_stream_core_main_conf_t;
126
+
127
+
128
+ typedef void (*ngx_stream_handler_pt)(ngx_stream_session_t *s);
129
+
130
+
131
+ typedef struct {
132
+ ngx_stream_handler_pt handler;
133
+ ngx_stream_conf_ctx_t *ctx;
134
+ u_char *file_name;
135
+ ngx_int_t line;
136
+ ngx_log_t *error_log;
137
+ ngx_flag_t tcp_nodelay;
138
+ } ngx_stream_core_srv_conf_t;
139
+
140
+
141
+ struct ngx_stream_session_s {
142
+ uint32_t signature; /* "STRM" */
143
+
144
+ ngx_connection_t *connection;
145
+
146
+ off_t received;
147
+
148
+ ngx_log_handler_pt log_handler;
149
+
150
+ void **ctx;
151
+ void **main_conf;
152
+ void **srv_conf;
153
+
154
+ ngx_stream_upstream_t *upstream;
155
+ };
156
+
157
+
158
+ typedef struct {
159
+ ngx_int_t (*postconfiguration)(ngx_conf_t *cf);
160
+
161
+ void *(*create_main_conf)(ngx_conf_t *cf);
162
+ char *(*init_main_conf)(ngx_conf_t *cf, void *conf);
163
+
164
+ void *(*create_srv_conf)(ngx_conf_t *cf);
165
+ char *(*merge_srv_conf)(ngx_conf_t *cf, void *prev,
166
+ void *conf);
167
+ } ngx_stream_module_t;
168
+
169
+
170
+ #define NGX_STREAM_MODULE 0x4d525453 /* "STRM" */
171
+
172
+ #define NGX_STREAM_MAIN_CONF 0x02000000
173
+ #define NGX_STREAM_SRV_CONF 0x04000000
174
+ #define NGX_STREAM_UPS_CONF 0x08000000
175
+
176
+
177
+ #define NGX_STREAM_MAIN_CONF_OFFSET offsetof(ngx_stream_conf_ctx_t, main_conf)
178
+ #define NGX_STREAM_SRV_CONF_OFFSET offsetof(ngx_stream_conf_ctx_t, srv_conf)
179
+
180
+
181
+ #define ngx_stream_get_module_ctx(s, module) (s)->ctx[module.ctx_index]
182
+ #define ngx_stream_set_ctx(s, c, module) s->ctx[module.ctx_index] = c;
183
+ #define ngx_stream_delete_ctx(s, module) s->ctx[module.ctx_index] = NULL;
184
+
185
+
186
+ #define ngx_stream_get_module_main_conf(s, module) \
187
+ (s)->main_conf[module.ctx_index]
188
+ #define ngx_stream_get_module_srv_conf(s, module) \
189
+ (s)->srv_conf[module.ctx_index]
190
+
191
+ #define ngx_stream_conf_get_module_main_conf(cf, module) \
192
+ ((ngx_stream_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index]
193
+ #define ngx_stream_conf_get_module_srv_conf(cf, module) \
194
+ ((ngx_stream_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index]
195
+
196
+ #define ngx_stream_cycle_get_module_main_conf(cycle, module) \
197
+ (cycle->conf_ctx[ngx_stream_module.index] ? \
198
+ ((ngx_stream_conf_ctx_t *) cycle->conf_ctx[ngx_stream_module.index]) \
199
+ ->main_conf[module.ctx_index]: \
200
+ NULL)
201
+
202
+
203
+ void ngx_stream_init_connection(ngx_connection_t *c);
204
+ void ngx_stream_close_connection(ngx_connection_t *c);
205
+
206
+
207
+ extern ngx_module_t ngx_stream_module;
208
+ extern ngx_uint_t ngx_stream_max_module;
209
+ extern ngx_module_t ngx_stream_core_module;
210
+
211
+
212
+ #endif /* _NGX_STREAM_H_INCLUDED_ */
@@ -0,0 +1,451 @@
1
+
2
+ /*
3
+ * Copyright (C) Igor Sysoev
4
+ * Copyright (C) Nginx, Inc.
5
+ */
6
+
7
+
8
+ #include <ngx_config.h>
9
+ #include <ngx_core.h>
10
+ #include <ngx_stream.h>
11
+
12
+
13
+ typedef struct {
14
+ in_addr_t mask;
15
+ in_addr_t addr;
16
+ ngx_uint_t deny; /* unsigned deny:1; */
17
+ } ngx_stream_access_rule_t;
18
+
19
+ #if (NGX_HAVE_INET6)
20
+
21
+ typedef struct {
22
+ struct in6_addr addr;
23
+ struct in6_addr mask;
24
+ ngx_uint_t deny; /* unsigned deny:1; */
25
+ } ngx_stream_access_rule6_t;
26
+
27
+ #endif
28
+
29
+ #if (NGX_HAVE_UNIX_DOMAIN)
30
+
31
+ typedef struct {
32
+ ngx_uint_t deny; /* unsigned deny:1; */
33
+ } ngx_stream_access_rule_un_t;
34
+
35
+ #endif
36
+
37
+ typedef struct {
38
+ ngx_array_t *rules; /* array of ngx_stream_access_rule_t */
39
+ #if (NGX_HAVE_INET6)
40
+ ngx_array_t *rules6; /* array of ngx_stream_access_rule6_t */
41
+ #endif
42
+ #if (NGX_HAVE_UNIX_DOMAIN)
43
+ ngx_array_t *rules_un; /* array of ngx_stream_access_rule_un_t */
44
+ #endif
45
+ } ngx_stream_access_srv_conf_t;
46
+
47
+
48
+ static ngx_int_t ngx_stream_access_handler(ngx_stream_session_t *s);
49
+ static ngx_int_t ngx_stream_access_inet(ngx_stream_session_t *s,
50
+ ngx_stream_access_srv_conf_t *ascf, in_addr_t addr);
51
+ #if (NGX_HAVE_INET6)
52
+ static ngx_int_t ngx_stream_access_inet6(ngx_stream_session_t *s,
53
+ ngx_stream_access_srv_conf_t *ascf, u_char *p);
54
+ #endif
55
+ #if (NGX_HAVE_UNIX_DOMAIN)
56
+ static ngx_int_t ngx_stream_access_unix(ngx_stream_session_t *s,
57
+ ngx_stream_access_srv_conf_t *ascf);
58
+ #endif
59
+ static ngx_int_t ngx_stream_access_found(ngx_stream_session_t *s,
60
+ ngx_uint_t deny);
61
+ static char *ngx_stream_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
62
+ void *conf);
63
+ static void *ngx_stream_access_create_srv_conf(ngx_conf_t *cf);
64
+ static char *ngx_stream_access_merge_srv_conf(ngx_conf_t *cf,
65
+ void *parent, void *child);
66
+ static ngx_int_t ngx_stream_access_init(ngx_conf_t *cf);
67
+
68
+
69
+ static ngx_command_t ngx_stream_access_commands[] = {
70
+
71
+ { ngx_string("allow"),
72
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
73
+ ngx_stream_access_rule,
74
+ NGX_STREAM_SRV_CONF_OFFSET,
75
+ 0,
76
+ NULL },
77
+
78
+ { ngx_string("deny"),
79
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
80
+ ngx_stream_access_rule,
81
+ NGX_STREAM_SRV_CONF_OFFSET,
82
+ 0,
83
+ NULL },
84
+
85
+ ngx_null_command
86
+ };
87
+
88
+
89
+
90
+ static ngx_stream_module_t ngx_stream_access_module_ctx = {
91
+ ngx_stream_access_init, /* postconfiguration */
92
+
93
+ NULL, /* create main configuration */
94
+ NULL, /* init main configuration */
95
+
96
+ ngx_stream_access_create_srv_conf, /* create server configuration */
97
+ ngx_stream_access_merge_srv_conf /* merge server configuration */
98
+ };
99
+
100
+
101
+ ngx_module_t ngx_stream_access_module = {
102
+ NGX_MODULE_V1,
103
+ &ngx_stream_access_module_ctx, /* module context */
104
+ ngx_stream_access_commands, /* module directives */
105
+ NGX_STREAM_MODULE, /* module type */
106
+ NULL, /* init master */
107
+ NULL, /* init module */
108
+ NULL, /* init process */
109
+ NULL, /* init thread */
110
+ NULL, /* exit thread */
111
+ NULL, /* exit process */
112
+ NULL, /* exit master */
113
+ NGX_MODULE_V1_PADDING
114
+ };
115
+
116
+
117
+ static ngx_int_t
118
+ ngx_stream_access_handler(ngx_stream_session_t *s)
119
+ {
120
+ struct sockaddr_in *sin;
121
+ ngx_stream_access_srv_conf_t *ascf;
122
+ #if (NGX_HAVE_INET6)
123
+ u_char *p;
124
+ in_addr_t addr;
125
+ struct sockaddr_in6 *sin6;
126
+ #endif
127
+
128
+ ascf = ngx_stream_get_module_srv_conf(s, ngx_stream_access_module);
129
+
130
+ switch (s->connection->sockaddr->sa_family) {
131
+
132
+ case AF_INET:
133
+ if (ascf->rules) {
134
+ sin = (struct sockaddr_in *) s->connection->sockaddr;
135
+ return ngx_stream_access_inet(s, ascf, sin->sin_addr.s_addr);
136
+ }
137
+ break;
138
+
139
+ #if (NGX_HAVE_INET6)
140
+
141
+ case AF_INET6:
142
+ sin6 = (struct sockaddr_in6 *) s->connection->sockaddr;
143
+ p = sin6->sin6_addr.s6_addr;
144
+
145
+ if (ascf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
146
+ addr = p[12] << 24;
147
+ addr += p[13] << 16;
148
+ addr += p[14] << 8;
149
+ addr += p[15];
150
+ return ngx_stream_access_inet(s, ascf, htonl(addr));
151
+ }
152
+
153
+ if (ascf->rules6) {
154
+ return ngx_stream_access_inet6(s, ascf, p);
155
+ }
156
+
157
+ break;
158
+
159
+ #endif
160
+
161
+ #if (NGX_HAVE_UNIX_DOMAIN)
162
+
163
+ case AF_UNIX:
164
+ if (ascf->rules_un) {
165
+ return ngx_stream_access_unix(s, ascf);
166
+ }
167
+
168
+ break;
169
+
170
+ #endif
171
+ }
172
+
173
+ return NGX_DECLINED;
174
+ }
175
+
176
+
177
+ static ngx_int_t
178
+ ngx_stream_access_inet(ngx_stream_session_t *s,
179
+ ngx_stream_access_srv_conf_t *ascf, in_addr_t addr)
180
+ {
181
+ ngx_uint_t i;
182
+ ngx_stream_access_rule_t *rule;
183
+
184
+ rule = ascf->rules->elts;
185
+ for (i = 0; i < ascf->rules->nelts; i++) {
186
+
187
+ ngx_log_debug3(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
188
+ "access: %08XD %08XD %08XD",
189
+ addr, rule[i].mask, rule[i].addr);
190
+
191
+ if ((addr & rule[i].mask) == rule[i].addr) {
192
+ return ngx_stream_access_found(s, rule[i].deny);
193
+ }
194
+ }
195
+
196
+ return NGX_DECLINED;
197
+ }
198
+
199
+
200
+ #if (NGX_HAVE_INET6)
201
+
202
+ static ngx_int_t
203
+ ngx_stream_access_inet6(ngx_stream_session_t *s,
204
+ ngx_stream_access_srv_conf_t *ascf, u_char *p)
205
+ {
206
+ ngx_uint_t n;
207
+ ngx_uint_t i;
208
+ ngx_stream_access_rule6_t *rule6;
209
+
210
+ rule6 = ascf->rules6->elts;
211
+ for (i = 0; i < ascf->rules6->nelts; i++) {
212
+
213
+ #if (NGX_DEBUG)
214
+ {
215
+ size_t cl, ml, al;
216
+ u_char ct[NGX_INET6_ADDRSTRLEN];
217
+ u_char mt[NGX_INET6_ADDRSTRLEN];
218
+ u_char at[NGX_INET6_ADDRSTRLEN];
219
+
220
+ cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN);
221
+ ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN);
222
+ al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN);
223
+
224
+ ngx_log_debug6(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
225
+ "access: %*s %*s %*s", cl, ct, ml, mt, al, at);
226
+ }
227
+ #endif
228
+
229
+ for (n = 0; n < 16; n++) {
230
+ if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) {
231
+ goto next;
232
+ }
233
+ }
234
+
235
+ return ngx_stream_access_found(s, rule6[i].deny);
236
+
237
+ next:
238
+ continue;
239
+ }
240
+
241
+ return NGX_DECLINED;
242
+ }
243
+
244
+ #endif
245
+
246
+
247
+ #if (NGX_HAVE_UNIX_DOMAIN)
248
+
249
+ static ngx_int_t
250
+ ngx_stream_access_unix(ngx_stream_session_t *s,
251
+ ngx_stream_access_srv_conf_t *ascf)
252
+ {
253
+ ngx_uint_t i;
254
+ ngx_stream_access_rule_un_t *rule_un;
255
+
256
+ rule_un = ascf->rules_un->elts;
257
+ for (i = 0; i < ascf->rules_un->nelts; i++) {
258
+
259
+ /* TODO: check path */
260
+ if (1) {
261
+ return ngx_stream_access_found(s, rule_un[i].deny);
262
+ }
263
+ }
264
+
265
+ return NGX_DECLINED;
266
+ }
267
+
268
+ #endif
269
+
270
+
271
+ static ngx_int_t
272
+ ngx_stream_access_found(ngx_stream_session_t *s, ngx_uint_t deny)
273
+ {
274
+ if (deny) {
275
+ ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
276
+ "access forbidden by rule");
277
+ return NGX_ABORT;
278
+ }
279
+
280
+ return NGX_OK;
281
+ }
282
+
283
+
284
+ static char *
285
+ ngx_stream_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
286
+ {
287
+ ngx_stream_access_srv_conf_t *ascf = conf;
288
+
289
+ ngx_int_t rc;
290
+ ngx_uint_t all;
291
+ ngx_str_t *value;
292
+ ngx_cidr_t cidr;
293
+ ngx_stream_access_rule_t *rule;
294
+ #if (NGX_HAVE_INET6)
295
+ ngx_stream_access_rule6_t *rule6;
296
+ #endif
297
+ #if (NGX_HAVE_UNIX_DOMAIN)
298
+ ngx_stream_access_rule_un_t *rule_un;
299
+ #endif
300
+
301
+ ngx_memzero(&cidr, sizeof(ngx_cidr_t));
302
+
303
+ value = cf->args->elts;
304
+
305
+ all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
306
+
307
+ if (!all) {
308
+
309
+ #if (NGX_HAVE_UNIX_DOMAIN)
310
+
311
+ if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
312
+ cidr.family = AF_UNIX;
313
+ rc = NGX_OK;
314
+
315
+ } else {
316
+ rc = ngx_ptocidr(&value[1], &cidr);
317
+ }
318
+
319
+ #else
320
+ rc = ngx_ptocidr(&value[1], &cidr);
321
+ #endif
322
+
323
+ if (rc == NGX_ERROR) {
324
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
325
+ "invalid parameter \"%V\"", &value[1]);
326
+ return NGX_CONF_ERROR;
327
+ }
328
+
329
+ if (rc == NGX_DONE) {
330
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
331
+ "low address bits of %V are meaningless", &value[1]);
332
+ }
333
+ }
334
+
335
+ if (cidr.family == AF_INET || all) {
336
+
337
+ if (ascf->rules == NULL) {
338
+ ascf->rules = ngx_array_create(cf->pool, 4,
339
+ sizeof(ngx_stream_access_rule_t));
340
+ if (ascf->rules == NULL) {
341
+ return NGX_CONF_ERROR;
342
+ }
343
+ }
344
+
345
+ rule = ngx_array_push(ascf->rules);
346
+ if (rule == NULL) {
347
+ return NGX_CONF_ERROR;
348
+ }
349
+
350
+ rule->mask = cidr.u.in.mask;
351
+ rule->addr = cidr.u.in.addr;
352
+ rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
353
+ }
354
+
355
+ #if (NGX_HAVE_INET6)
356
+ if (cidr.family == AF_INET6 || all) {
357
+
358
+ if (ascf->rules6 == NULL) {
359
+ ascf->rules6 = ngx_array_create(cf->pool, 4,
360
+ sizeof(ngx_stream_access_rule6_t));
361
+ if (ascf->rules6 == NULL) {
362
+ return NGX_CONF_ERROR;
363
+ }
364
+ }
365
+
366
+ rule6 = ngx_array_push(ascf->rules6);
367
+ if (rule6 == NULL) {
368
+ return NGX_CONF_ERROR;
369
+ }
370
+
371
+ rule6->mask = cidr.u.in6.mask;
372
+ rule6->addr = cidr.u.in6.addr;
373
+ rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
374
+ }
375
+ #endif
376
+
377
+ #if (NGX_HAVE_UNIX_DOMAIN)
378
+ if (cidr.family == AF_UNIX || all) {
379
+
380
+ if (ascf->rules_un == NULL) {
381
+ ascf->rules_un = ngx_array_create(cf->pool, 1,
382
+ sizeof(ngx_stream_access_rule_un_t));
383
+ if (ascf->rules_un == NULL) {
384
+ return NGX_CONF_ERROR;
385
+ }
386
+ }
387
+
388
+ rule_un = ngx_array_push(ascf->rules_un);
389
+ if (rule_un == NULL) {
390
+ return NGX_CONF_ERROR;
391
+ }
392
+
393
+ rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
394
+ }
395
+ #endif
396
+
397
+ return NGX_CONF_OK;
398
+ }
399
+
400
+
401
+ static void *
402
+ ngx_stream_access_create_srv_conf(ngx_conf_t *cf)
403
+ {
404
+ ngx_stream_access_srv_conf_t *conf;
405
+
406
+ conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_access_srv_conf_t));
407
+ if (conf == NULL) {
408
+ return NULL;
409
+ }
410
+
411
+ return conf;
412
+ }
413
+
414
+
415
+ static char *
416
+ ngx_stream_access_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
417
+ {
418
+ ngx_stream_access_srv_conf_t *prev = parent;
419
+ ngx_stream_access_srv_conf_t *conf = child;
420
+
421
+ if (conf->rules == NULL
422
+ #if (NGX_HAVE_INET6)
423
+ && conf->rules6 == NULL
424
+ #endif
425
+ #if (NGX_HAVE_UNIX_DOMAIN)
426
+ && conf->rules_un == NULL
427
+ #endif
428
+ ) {
429
+ conf->rules = prev->rules;
430
+ #if (NGX_HAVE_INET6)
431
+ conf->rules6 = prev->rules6;
432
+ #endif
433
+ #if (NGX_HAVE_UNIX_DOMAIN)
434
+ conf->rules_un = prev->rules_un;
435
+ #endif
436
+ }
437
+
438
+ return NGX_CONF_OK;
439
+ }
440
+
441
+
442
+ static ngx_int_t
443
+ ngx_stream_access_init(ngx_conf_t *cf)
444
+ {
445
+ ngx_stream_core_main_conf_t *cmcf;
446
+
447
+ cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
448
+ cmcf->access_handler = ngx_stream_access_handler;
449
+
450
+ return NGX_OK;
451
+ }