RubyGems - nginxtra - Versions diffs - 1.8.1.12 → 1.10.1.12 - Mend

nginxtra 1.8.1.12 → 1.10.1.12

Files changed (238) hide show

checksums.yaml +4 -4
data/bin/nginxtra +1 -1
data/bin/nginxtra_rails +1 -1
data/lib/nginxtra/version.rb +1 -1
data/vendor/nginx/CHANGES +363 -25
data/vendor/nginx/CHANGES.ru +365 -21
data/vendor/nginx/LICENSE +2 -2
data/vendor/nginx/auto/cc/conf +32 -0
data/vendor/nginx/auto/cc/gcc +1 -1
data/vendor/nginx/auto/cc/icc +2 -2
data/vendor/nginx/auto/cc/msvc +29 -8
data/vendor/nginx/auto/cc/name +2 -25
data/vendor/nginx/auto/cc/sunc +3 -0
data/vendor/nginx/auto/endianness +7 -2
data/vendor/nginx/auto/install +60 -26
data/vendor/nginx/auto/lib/conf +4 -4
data/vendor/nginx/auto/lib/geoip/conf +6 -1
data/vendor/nginx/auto/lib/libgd/conf +6 -1
data/vendor/nginx/auto/lib/libxslt/conf +11 -2
data/vendor/nginx/auto/lib/make +1 -1
data/vendor/nginx/auto/lib/md5/conf +2 -2
data/vendor/nginx/auto/lib/md5/make +2 -2
data/vendor/nginx/auto/lib/openssl/conf +52 -3
data/vendor/nginx/auto/lib/openssl/make +1 -1
data/vendor/nginx/auto/lib/pcre/conf +2 -2
data/vendor/nginx/auto/lib/pcre/make +2 -2
data/vendor/nginx/auto/lib/perl/conf +6 -3
data/vendor/nginx/auto/lib/perl/make +4 -1
data/vendor/nginx/auto/lib/sha1/conf +2 -2
data/vendor/nginx/auto/lib/sha1/make +2 -2
data/vendor/nginx/auto/lib/zlib/conf +2 -2
data/vendor/nginx/auto/lib/zlib/make +2 -2
data/vendor/nginx/auto/make +281 -16
data/vendor/nginx/auto/module +122 -0
data/vendor/nginx/auto/modules +909 -178
data/vendor/nginx/auto/options +81 -19
data/vendor/nginx/auto/os/conf +9 -0
data/vendor/nginx/auto/os/darwin +3 -0
data/vendor/nginx/auto/os/freebsd +0 -20
data/vendor/nginx/auto/os/linux +0 -12
data/vendor/nginx/auto/os/win32 +5 -1
data/vendor/nginx/auto/sources +11 -311
data/vendor/nginx/auto/summary +1 -0
data/vendor/nginx/auto/types/sizeof +5 -3
data/vendor/nginx/auto/types/typedef +9 -4
data/vendor/nginx/auto/types/uintptr_t +7 -2
data/vendor/nginx/auto/unix +72 -12
data/vendor/nginx/conf/fastcgi.conf +1 -0
data/vendor/nginx/conf/fastcgi_params +1 -0
data/vendor/nginx/conf/scgi_params +1 -0
data/vendor/nginx/conf/uwsgi_params +1 -0
data/vendor/nginx/configure +1 -1
data/vendor/nginx/contrib/vim/syntax/nginx.vim +2 -2
data/vendor/nginx/man/nginx.8 +6 -2
data/vendor/nginx/src/core/nginx.c +281 -114
data/vendor/nginx/src/core/nginx.h +2 -2
data/vendor/nginx/src/core/ngx_conf_file.c +54 -13
data/vendor/nginx/src/core/ngx_conf_file.h +8 -52
data/vendor/nginx/src/core/ngx_config.h +0 -5
data/vendor/nginx/src/core/ngx_connection.c +270 -37
data/vendor/nginx/src/core/ngx_connection.h +35 -12
data/vendor/nginx/src/core/ngx_core.h +4 -0
data/vendor/nginx/src/core/ngx_crypt.c +2 -2
data/vendor/nginx/src/core/ngx_cycle.c +72 -25
data/vendor/nginx/src/core/ngx_cycle.h +28 -39
data/vendor/nginx/src/core/ngx_file.c +14 -5
data/vendor/nginx/src/core/ngx_file.h +2 -0
data/vendor/nginx/src/core/ngx_hash.c +13 -1
data/vendor/nginx/src/core/ngx_inet.c +20 -18
data/vendor/nginx/src/core/ngx_log.c +12 -12
data/vendor/nginx/src/core/ngx_log.h +13 -6
data/vendor/nginx/src/core/ngx_module.c +360 -0
data/vendor/nginx/src/core/ngx_module.h +307 -0
data/vendor/nginx/src/core/ngx_open_file_cache.c +2 -2
data/vendor/nginx/src/core/ngx_output_chain.c +8 -4
data/vendor/nginx/src/core/ngx_palloc.c +42 -44
data/vendor/nginx/src/{http/ngx_http_parse_time.c → core/ngx_parse_time.c} +2 -3
data/vendor/nginx/src/core/ngx_parse_time.h +22 -0
data/vendor/nginx/src/core/ngx_proxy_protocol.c +50 -1
data/vendor/nginx/src/core/ngx_proxy_protocol.h +3 -1
data/vendor/nginx/src/core/ngx_regex.c +1 -38
data/vendor/nginx/src/core/ngx_resolver.c +1814 -320
data/vendor/nginx/src/core/ngx_resolver.h +67 -10
data/vendor/nginx/src/core/ngx_rwlock.c +120 -0
data/vendor/nginx/src/core/ngx_rwlock.h +21 -0
data/vendor/nginx/src/core/ngx_slab.c +6 -5
data/vendor/nginx/src/core/ngx_string.c +1 -1
data/vendor/nginx/src/core/ngx_syslog.c +11 -3
data/vendor/nginx/src/core/ngx_syslog.h +2 -1
data/vendor/nginx/src/core/ngx_thread_pool.c +4 -0
data/vendor/nginx/src/core/ngx_times.c +2 -2
data/vendor/nginx/src/event/modules/ngx_devpoll_module.c +3 -1
data/vendor/nginx/src/event/modules/ngx_epoll_module.c +5 -2
data/vendor/nginx/src/event/modules/ngx_eventport_module.c +5 -5
data/vendor/nginx/src/event/modules/ngx_kqueue_module.c +15 -8
data/vendor/nginx/src/event/modules/ngx_poll_module.c +0 -10
data/vendor/nginx/src/event/modules/ngx_select_module.c +0 -10
data/vendor/nginx/src/event/ngx_event.c +60 -103
data/vendor/nginx/src/event/ngx_event.h +22 -26
data/vendor/nginx/src/event/ngx_event_accept.c +414 -88
data/vendor/nginx/src/event/ngx_event_connect.c +27 -18
data/vendor/nginx/src/event/ngx_event_connect.h +1 -0
data/vendor/nginx/src/event/ngx_event_openssl.c +65 -25
data/vendor/nginx/src/event/ngx_event_openssl.h +17 -0
data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +73 -7
data/vendor/nginx/src/event/ngx_event_pipe.c +85 -27
data/vendor/nginx/src/event/ngx_event_pipe.h +10 -0
data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c +1 -1
data/vendor/nginx/src/http/modules/ngx_http_auth_request_module.c +2 -2
data/vendor/nginx/src/http/modules/ngx_http_chunked_filter_module.c +2 -2
data/vendor/nginx/src/http/modules/ngx_http_dav_module.c +6 -6
data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +17 -11
data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +2 -2
data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +9 -9
data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +2 -2
data/vendor/nginx/src/http/modules/ngx_http_limit_conn_module.c +2 -2
data/vendor/nginx/src/http/modules/ngx_http_limit_req_module.c +0 -7
data/vendor/nginx/src/http/modules/ngx_http_map_module.c +6 -6
data/vendor/nginx/src/http/modules/ngx_http_memcached_module.c +2 -1
data/vendor/nginx/src/http/modules/ngx_http_mp4_module.c +13 -13
data/vendor/nginx/src/http/modules/ngx_http_not_modified_filter_module.c +2 -2
data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +26 -21
data/vendor/nginx/src/http/modules/ngx_http_random_index_module.c +1 -1
data/vendor/nginx/src/http/modules/ngx_http_range_filter_module.c +26 -8
data/vendor/nginx/src/http/modules/ngx_http_realip_module.c +73 -3
data/vendor/nginx/src/http/modules/ngx_http_referer_module.c +1 -1
data/vendor/nginx/src/http/modules/ngx_http_rewrite_module.c +6 -6
data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +5 -3
data/vendor/nginx/src/http/modules/ngx_http_slice_filter_module.c +526 -0
data/vendor/nginx/src/http/modules/ngx_http_ssi_filter_module.c +7 -7
data/vendor/nginx/src/http/modules/ngx_http_ssl_module.c +19 -16
data/vendor/nginx/src/http/modules/ngx_http_static_module.c +1 -1
data/vendor/nginx/src/http/modules/ngx_http_stub_status_module.c +1 -1
data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +373 -173
data/vendor/nginx/src/http/modules/ngx_http_upstream_hash_module.c +72 -46
data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c +18 -30
data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +50 -39
data/vendor/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c +38 -129
data/vendor/nginx/src/http/modules/ngx_http_upstream_zone_module.c +246 -0
data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +6 -5
data/vendor/nginx/src/http/modules/perl/nginx.xs +9 -9
data/vendor/nginx/src/http/ngx_http.c +46 -43
data/vendor/nginx/src/http/ngx_http.h +4 -9
data/vendor/nginx/src/http/ngx_http_cache.h +4 -0
data/vendor/nginx/src/http/ngx_http_copy_filter_module.c +13 -5
data/vendor/nginx/src/http/ngx_http_core_module.c +92 -91
data/vendor/nginx/src/http/ngx_http_core_module.h +12 -8
data/vendor/nginx/src/http/ngx_http_file_cache.c +61 -10
data/vendor/nginx/src/http/ngx_http_request.c +37 -50
data/vendor/nginx/src/http/ngx_http_request.h +10 -15
data/vendor/nginx/src/http/ngx_http_request_body.c +64 -88
data/vendor/nginx/src/http/ngx_http_script.c +3 -3
data/vendor/nginx/src/http/ngx_http_special_response.c +1 -4
data/vendor/nginx/src/http/ngx_http_upstream.c +245 -109
data/vendor/nginx/src/http/ngx_http_upstream.h +11 -5
data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +212 -65
data/vendor/nginx/src/http/ngx_http_upstream_round_robin.h +66 -5
data/vendor/nginx/src/http/ngx_http_variables.c +28 -15
data/vendor/nginx/src/http/ngx_http_write_filter_module.c +1 -1
data/vendor/nginx/src/http/v2/ngx_http_v2.c +4349 -0
data/vendor/nginx/src/http/v2/ngx_http_v2.h +337 -0
data/vendor/nginx/src/http/v2/ngx_http_v2_filter_module.c +1391 -0
data/vendor/nginx/src/http/v2/ngx_http_v2_huff_decode.c +2714 -0
data/vendor/nginx/src/http/v2/ngx_http_v2_huff_encode.c +254 -0
data/vendor/nginx/src/http/v2/ngx_http_v2_module.c +469 -0
data/vendor/nginx/src/http/{ngx_http_spdy_module.h → v2/ngx_http_v2_module.h} +10 -9
data/vendor/nginx/src/http/v2/ngx_http_v2_table.c +349 -0
data/vendor/nginx/src/mail/ngx_mail.c +49 -82
data/vendor/nginx/src/mail/ngx_mail.h +16 -23
data/vendor/nginx/src/mail/ngx_mail_auth_http_module.c +1 -1
data/vendor/nginx/src/mail/ngx_mail_core_module.c +60 -34
data/vendor/nginx/src/mail/ngx_mail_handler.c +17 -12
data/vendor/nginx/src/mail/ngx_mail_proxy_module.c +1 -14
data/vendor/nginx/src/mail/ngx_mail_smtp_handler.c +1 -1
data/vendor/nginx/src/mail/ngx_mail_ssl_module.c +5 -5
data/vendor/nginx/src/os/unix/ngx_atomic.h +10 -10
data/vendor/nginx/src/os/unix/ngx_channel.h +4 -4
data/vendor/nginx/src/os/unix/ngx_darwin_config.h +2 -0
data/vendor/nginx/src/os/unix/ngx_darwin_init.c +1 -0
data/vendor/nginx/src/os/unix/ngx_dlopen.c +28 -0
data/vendor/nginx/src/os/unix/ngx_dlopen.h +31 -0
data/vendor/nginx/src/os/unix/ngx_errno.h +1 -0
data/vendor/nginx/src/os/unix/ngx_file_aio_read.c +1 -1
data/vendor/nginx/src/os/unix/ngx_files.c +313 -80
data/vendor/nginx/src/os/unix/ngx_files.h +5 -2
data/vendor/nginx/src/os/unix/ngx_freebsd_config.h +3 -1
data/vendor/nginx/src/os/unix/ngx_freebsd_init.c +1 -0
data/vendor/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c +13 -0
data/vendor/nginx/src/os/unix/ngx_linux.h +0 -2
data/vendor/nginx/src/os/unix/ngx_linux_aio_read.c +1 -1
data/vendor/nginx/src/os/unix/ngx_linux_config.h +2 -6
data/vendor/nginx/src/os/unix/ngx_linux_init.c +1 -33
data/vendor/nginx/src/os/unix/ngx_linux_sendfile_chain.c +55 -12
data/vendor/nginx/src/os/unix/ngx_os.h +3 -9
data/vendor/nginx/src/os/unix/ngx_posix_config.h +14 -1
data/vendor/nginx/src/os/unix/ngx_posix_init.c +2 -1
data/vendor/nginx/src/os/unix/ngx_process.c +1 -1
data/vendor/nginx/src/os/unix/ngx_process_cycle.c +25 -51
data/vendor/nginx/src/os/unix/ngx_process_cycle.h +1 -0
data/vendor/nginx/src/os/unix/ngx_readv_chain.c +24 -28
data/vendor/nginx/src/os/unix/ngx_recv.c +30 -79
data/vendor/nginx/src/os/unix/ngx_send.c +1 -1
data/vendor/nginx/src/os/unix/ngx_setaffinity.c +14 -30
data/vendor/nginx/src/os/unix/ngx_setaffinity.h +15 -1
data/vendor/nginx/src/os/unix/ngx_solaris_config.h +2 -0
data/vendor/nginx/src/os/unix/ngx_solaris_init.c +1 -0
data/vendor/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c +23 -0
data/vendor/nginx/src/os/unix/ngx_sunpro_amd64.il +3 -3
data/vendor/nginx/src/os/unix/ngx_sunpro_x86.il +3 -3
data/vendor/nginx/src/os/unix/ngx_udp_recv.c +5 -48
data/vendor/nginx/src/os/unix/ngx_udp_send.c +56 -0
data/vendor/nginx/src/stream/ngx_stream.c +564 -0
data/vendor/nginx/src/stream/ngx_stream.h +212 -0
data/vendor/nginx/src/stream/ngx_stream_access_module.c +451 -0
data/vendor/nginx/src/stream/ngx_stream_core_module.c +562 -0
data/vendor/nginx/src/stream/ngx_stream_handler.c +344 -0
data/vendor/nginx/src/stream/ngx_stream_limit_conn_module.c +632 -0
data/vendor/nginx/src/stream/ngx_stream_proxy_module.c +1674 -0
data/vendor/nginx/src/stream/ngx_stream_ssl_module.c +460 -0
data/vendor/nginx/src/stream/ngx_stream_ssl_module.h +49 -0
data/vendor/nginx/src/stream/ngx_stream_upstream.c +464 -0
data/vendor/nginx/src/stream/ngx_stream_upstream.h +107 -0
data/vendor/nginx/src/stream/ngx_stream_upstream_hash_module.c +656 -0
data/vendor/nginx/src/stream/ngx_stream_upstream_least_conn_module.c +307 -0
data/vendor/nginx/src/stream/ngx_stream_upstream_round_robin.c +702 -0
data/vendor/nginx/src/stream/ngx_stream_upstream_round_robin.h +139 -0
data/vendor/nginx/src/stream/ngx_stream_upstream_zone_module.c +242 -0
metadata +39 -15
data/vendor/nginx/src/event/modules/ngx_aio_module.c +0 -171
data/vendor/nginx/src/event/modules/ngx_rtsig_module.c +0 -735
data/vendor/nginx/src/http/ngx_http_spdy.c +0 -3701
data/vendor/nginx/src/http/ngx_http_spdy.h +0 -261
data/vendor/nginx/src/http/ngx_http_spdy_filter_module.c +0 -1222
data/vendor/nginx/src/http/ngx_http_spdy_module.c +0 -408
data/vendor/nginx/src/os/unix/ngx_aio_read.c +0 -109
data/vendor/nginx/src/os/unix/ngx_aio_read_chain.c +0 -78
data/vendor/nginx/src/os/unix/ngx_aio_write.c +0 -109
data/vendor/nginx/src/os/unix/ngx_aio_write_chain.c +0 -100

data/vendor/nginx/src/stream/ngx_stream_handler.c ADDED Viewed

@@ -0,0 +1,344 @@
+/*
+ * Copyright (C) Roman Arutyunyan
+ * Copyright (C) Nginx, Inc.
+ */
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+#include <ngx_stream.h>
+static u_char *ngx_stream_log_error(ngx_log_t *log, u_char *buf, size_t len);
+static void ngx_stream_init_session(ngx_connection_t *c);
+#if (NGX_STREAM_SSL)
+static void ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
+static void ngx_stream_ssl_handshake_handler(ngx_connection_t *c);
+#endif
+void
+ngx_stream_init_connection(ngx_connection_t *c)
+{
+    int                           tcp_nodelay;
+    u_char                        text[NGX_SOCKADDR_STRLEN];
+    size_t                        len;
+    ngx_int_t                     rc;
+    ngx_uint_t                    i;
+    struct sockaddr              *sa;
+    ngx_stream_port_t            *port;
+    struct sockaddr_in           *sin;
+    ngx_stream_in_addr_t         *addr;
+    ngx_stream_session_t         *s;
+    ngx_stream_addr_conf_t       *addr_conf;
+#if (NGX_HAVE_INET6)
+    struct sockaddr_in6          *sin6;
+    ngx_stream_in6_addr_t        *addr6;
+#endif
+    ngx_stream_core_srv_conf_t   *cscf;
+    ngx_stream_core_main_conf_t  *cmcf;
+    /* find the server configuration for the address:port */
+    port = c->listening->servers;
+    if (port->naddrs > 1) {
+        /*
+         * There are several addresses on this port and one of them
+         * is the "*:port" wildcard so getsockname() is needed to determine
+         * the server address.
+         *
+         * AcceptEx() and recvmsg() already gave this address.
+         */
+        if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) {
+            ngx_stream_close_connection(c);
+            return;
+        }
+        sa = c->local_sockaddr;
+        switch (sa->sa_family) {
+#if (NGX_HAVE_INET6)
+        case AF_INET6:
+            sin6 = (struct sockaddr_in6 *) sa;
+            addr6 = port->addrs;
+            /* the last address is "*" */
+            for (i = 0; i < port->naddrs - 1; i++) {
+                if (ngx_memcmp(&addr6[i].addr6, &sin6->sin6_addr, 16) == 0) {
+                    break;
+                }
+            }
+            addr_conf = &addr6[i].conf;
+            break;
+#endif
+        default: /* AF_INET */
+            sin = (struct sockaddr_in *) sa;
+            addr = port->addrs;
+            /* the last address is "*" */
+            for (i = 0; i < port->naddrs - 1; i++) {
+                if (addr[i].addr == sin->sin_addr.s_addr) {
+                    break;
+                }
+            }
+            addr_conf = &addr[i].conf;
+            break;
+        }
+    } else {
+        switch (c->local_sockaddr->sa_family) {
+#if (NGX_HAVE_INET6)
+        case AF_INET6:
+            addr6 = port->addrs;
+            addr_conf = &addr6[0].conf;
+            break;
+#endif
+        default: /* AF_INET */
+            addr = port->addrs;
+            addr_conf = &addr[0].conf;
+            break;
+        }
+    }
+    s = ngx_pcalloc(c->pool, sizeof(ngx_stream_session_t));
+    if (s == NULL) {
+        ngx_stream_close_connection(c);
+        return;
+    }
+    s->signature = NGX_STREAM_MODULE;
+    s->main_conf = addr_conf->ctx->main_conf;
+    s->srv_conf = addr_conf->ctx->srv_conf;
+    s->connection = c;
+    c->data = s;
+    cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
+    ngx_set_connection_log(c, cscf->error_log);
+    len = ngx_sock_ntop(c->sockaddr, c->socklen, text, NGX_SOCKADDR_STRLEN, 1);
+    ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%uA %sclient %*s connected to %V",
+                  c->number, c->type == SOCK_DGRAM ? "udp " : "",
+                  len, text, &addr_conf->addr_text);
+    c->log->connection = c->number;
+    c->log->handler = ngx_stream_log_error;
+    c->log->data = s;
+    c->log->action = "initializing connection";
+    c->log_error = NGX_ERROR_INFO;
+    cmcf = ngx_stream_get_module_main_conf(s, ngx_stream_core_module);
+    if (cmcf->limit_conn_handler) {
+        rc = cmcf->limit_conn_handler(s);
+        if (rc != NGX_DECLINED) {
+            ngx_stream_close_connection(c);
+            return;
+        }
+    }
+    if (cmcf->access_handler) {
+        rc = cmcf->access_handler(s);
+        if (rc != NGX_OK && rc != NGX_DECLINED) {
+            ngx_stream_close_connection(c);
+            return;
+        }
+    }
+    if (c->type == SOCK_STREAM
+        && cscf->tcp_nodelay
+        && c->tcp_nodelay == NGX_TCP_NODELAY_UNSET)
+    {
+        ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, "tcp_nodelay");
+        tcp_nodelay = 1;
+        if (setsockopt(c->fd, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *) &tcp_nodelay, sizeof(int)) == -1)
+        {
+            ngx_connection_error(c, ngx_socket_errno,
+                                 "setsockopt(TCP_NODELAY) failed");
+            ngx_stream_close_connection(c);
+            return;
+        }
+        c->tcp_nodelay = NGX_TCP_NODELAY_SET;
+    }
+#if (NGX_STREAM_SSL)
+    {
+    ngx_stream_ssl_conf_t  *sslcf;
+    sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+    if (addr_conf->ssl) {
+        c->log->action = "SSL handshaking";
+        if (sslcf->ssl.ctx == NULL) {
+            ngx_log_error(NGX_LOG_ERR, c->log, 0,
+                          "no \"ssl_certificate\" is defined "
+                          "in server listening on SSL port");
+            ngx_stream_close_connection(c);
+            return;
+        }
+        ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+        return;
+    }
+    }
+#endif
+    ngx_stream_init_session(c);
+}
+static void
+ngx_stream_init_session(ngx_connection_t *c)
+{
+    ngx_stream_session_t        *s;
+    ngx_stream_core_srv_conf_t  *cscf;
+    s = c->data;
+    c->log->action = "handling client connection";
+    cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
+    s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_stream_max_module);
+    if (s->ctx == NULL) {
+        ngx_stream_close_connection(c);
+        return;
+    }
+    cscf->handler(s);
+}
+#if (NGX_STREAM_SSL)
+static void
+ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
+{
+    ngx_stream_session_t   *s;
+    ngx_stream_ssl_conf_t  *sslcf;
+    if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
+        ngx_stream_close_connection(c);
+        return;
+    }
+    if (ngx_ssl_handshake(c) == NGX_AGAIN) {
+        s = c->data;
+        sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+        ngx_add_timer(c->read, sslcf->handshake_timeout);
+        c->ssl->handler = ngx_stream_ssl_handshake_handler;
+        return;
+    }
+    ngx_stream_ssl_handshake_handler(c);
+}
+static void
+ngx_stream_ssl_handshake_handler(ngx_connection_t *c)
+{
+    if (!c->ssl->handshaked) {
+        ngx_stream_close_connection(c);
+        return;
+    }
+    if (c->read->timer_set) {
+        ngx_del_timer(c->read);
+    }
+    ngx_stream_init_session(c);
+}
+#endif
+void
+ngx_stream_close_connection(ngx_connection_t *c)
+{
+    ngx_pool_t  *pool;
+    ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0,
+                   "close stream connection: %d", c->fd);
+#if (NGX_STREAM_SSL)
+    if (c->ssl) {
+        if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
+            c->ssl->handler = ngx_stream_close_connection;
+            return;
+        }
+    }
+#endif
+#if (NGX_STAT_STUB)
+    (void) ngx_atomic_fetch_add(ngx_stat_active, -1);
+#endif
+    pool = c->pool;
+    ngx_close_connection(c);
+    ngx_destroy_pool(pool);
+}
+static u_char *
+ngx_stream_log_error(ngx_log_t *log, u_char *buf, size_t len)
+{
+    u_char                *p;
+    ngx_stream_session_t  *s;
+    if (log->action) {
+        p = ngx_snprintf(buf, len, " while %s", log->action);
+        len -= p - buf;
+        buf = p;
+    }
+    s = log->data;
+    p = ngx_snprintf(buf, len, ", %sclient: %V, server: %V",
+                     s->connection->type == SOCK_DGRAM ? "udp " : "",
+                     &s->connection->addr_text,
+                     &s->connection->listening->addr_text);
+    len -= p - buf;
+    buf = p;
+    if (s->log_handler) {
+        p = s->log_handler(log, buf, len);
+    }
+    return p;
+}

data/vendor/nginx/src/stream/ngx_stream_limit_conn_module.c ADDED Viewed

@@ -0,0 +1,632 @@
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Nginx, Inc.
+ */
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_stream.h>
+typedef struct {
+    u_char                     color;
+    u_char                     len;
+    u_short                    conn;
+    u_char                     data[1];
+} ngx_stream_limit_conn_node_t;
+typedef struct {
+    ngx_shm_zone_t            *shm_zone;
+    ngx_rbtree_node_t         *node;
+} ngx_stream_limit_conn_cleanup_t;
+typedef struct {
+    ngx_rbtree_t              *rbtree;
+} ngx_stream_limit_conn_ctx_t;
+typedef struct {
+    ngx_shm_zone_t            *shm_zone;
+    ngx_uint_t                 conn;
+} ngx_stream_limit_conn_limit_t;
+typedef struct {
+    ngx_array_t                limits;
+    ngx_uint_t                 log_level;
+} ngx_stream_limit_conn_conf_t;
+static ngx_rbtree_node_t *ngx_stream_limit_conn_lookup(ngx_rbtree_t *rbtree,
+    ngx_str_t *key, uint32_t hash);
+static void ngx_stream_limit_conn_cleanup(void *data);
+static ngx_inline void ngx_stream_limit_conn_cleanup_all(ngx_pool_t *pool);
+static void *ngx_stream_limit_conn_create_conf(ngx_conf_t *cf);
+static char *ngx_stream_limit_conn_merge_conf(ngx_conf_t *cf, void *parent,
+    void *child);
+static char *ngx_stream_limit_conn_zone(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+static char *ngx_stream_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+static ngx_int_t ngx_stream_limit_conn_init(ngx_conf_t *cf);
+static ngx_conf_enum_t  ngx_stream_limit_conn_log_levels[] = {
+    { ngx_string("info"), NGX_LOG_INFO },
+    { ngx_string("notice"), NGX_LOG_NOTICE },
+    { ngx_string("warn"), NGX_LOG_WARN },
+    { ngx_string("error"), NGX_LOG_ERR },
+    { ngx_null_string, 0 }
+};
+static ngx_command_t  ngx_stream_limit_conn_commands[] = {
+    { ngx_string("limit_conn_zone"),
+      NGX_STREAM_MAIN_CONF|NGX_CONF_TAKE2,
+      ngx_stream_limit_conn_zone,
+      0,
+      0,
+      NULL },
+    { ngx_string("limit_conn"),
+      NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2,
+      ngx_stream_limit_conn,
+      NGX_STREAM_SRV_CONF_OFFSET,
+      0,
+      NULL },
+    { ngx_string("limit_conn_log_level"),
+      NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_enum_slot,
+      NGX_STREAM_SRV_CONF_OFFSET,
+      offsetof(ngx_stream_limit_conn_conf_t, log_level),
+      &ngx_stream_limit_conn_log_levels },
+      ngx_null_command
+};
+static ngx_stream_module_t  ngx_stream_limit_conn_module_ctx = {
+    ngx_stream_limit_conn_init,            /* postconfiguration */
+    NULL,                                  /* create main configuration */
+    NULL,                                  /* init main configuration */
+    ngx_stream_limit_conn_create_conf,     /* create server configuration */
+    ngx_stream_limit_conn_merge_conf,      /* merge server configuration */
+};
+ngx_module_t  ngx_stream_limit_conn_module = {
+    NGX_MODULE_V1,
+    &ngx_stream_limit_conn_module_ctx,       /* module context */
+    ngx_stream_limit_conn_commands,          /* module directives */
+    NGX_STREAM_MODULE,                       /* module type */
+    NULL,                                    /* init master */
+    NULL,                                    /* init module */
+    NULL,                                    /* init process */
+    NULL,                                    /* init thread */
+    NULL,                                    /* exit thread */
+    NULL,                                    /* exit process */
+    NULL,                                    /* exit master */
+    NGX_MODULE_V1_PADDING
+};
+static ngx_int_t
+ngx_stream_limit_conn_handler(ngx_stream_session_t *s)
+{
+    size_t                            n;
+    uint32_t                          hash;
+    ngx_str_t                         key;
+    ngx_uint_t                        i;
+    ngx_slab_pool_t                  *shpool;
+    ngx_rbtree_node_t                *node;
+    ngx_pool_cleanup_t               *cln;
+    struct sockaddr_in               *sin;
+#if (NGX_HAVE_INET6)
+    struct sockaddr_in6              *sin6;
+#endif
+    ngx_stream_limit_conn_ctx_t      *ctx;
+    ngx_stream_limit_conn_node_t     *lc;
+    ngx_stream_limit_conn_conf_t     *lccf;
+    ngx_stream_limit_conn_limit_t    *limits;
+    ngx_stream_limit_conn_cleanup_t  *lccln;
+    switch (s->connection->sockaddr->sa_family) {
+    case AF_INET:
+        sin = (struct sockaddr_in *) s->connection->sockaddr;
+        key.len = sizeof(in_addr_t);
+        key.data = (u_char *) &sin->sin_addr;
+        break;
+#if (NGX_HAVE_INET6)
+    case AF_INET6:
+        sin6 = (struct sockaddr_in6 *) s->connection->sockaddr;
+        key.len = sizeof(struct in6_addr);
+        key.data = sin6->sin6_addr.s6_addr;
+        break;
+#endif
+    default:
+        return NGX_DECLINED;
+    }
+    hash = ngx_crc32_short(key.data, key.len);
+    lccf = ngx_stream_get_module_srv_conf(s, ngx_stream_limit_conn_module);
+    limits = lccf->limits.elts;
+    for (i = 0; i < lccf->limits.nelts; i++) {
+        ctx = limits[i].shm_zone->data;
+        shpool = (ngx_slab_pool_t *) limits[i].shm_zone->shm.addr;
+        ngx_shmtx_lock(&shpool->mutex);
+        node = ngx_stream_limit_conn_lookup(ctx->rbtree, &key, hash);
+        if (node == NULL) {
+            n = offsetof(ngx_rbtree_node_t, color)
+                + offsetof(ngx_stream_limit_conn_node_t, data)
+                + key.len;
+            node = ngx_slab_alloc_locked(shpool, n);
+            if (node == NULL) {
+                ngx_shmtx_unlock(&shpool->mutex);
+                ngx_stream_limit_conn_cleanup_all(s->connection->pool);
+                return NGX_ABORT;
+            }
+            lc = (ngx_stream_limit_conn_node_t *) &node->color;
+            node->key = hash;
+            lc->len = (u_char) key.len;
+            lc->conn = 1;
+            ngx_memcpy(lc->data, key.data, key.len);
+            ngx_rbtree_insert(ctx->rbtree, node);
+        } else {
+            lc = (ngx_stream_limit_conn_node_t *) &node->color;
+            if ((ngx_uint_t) lc->conn >= limits[i].conn) {
+                ngx_shmtx_unlock(&shpool->mutex);
+                ngx_log_error(lccf->log_level, s->connection->log, 0,
+                              "limiting connections by zone \"%V\"",
+                              &limits[i].shm_zone->shm.name);
+                ngx_stream_limit_conn_cleanup_all(s->connection->pool);
+                return NGX_ABORT;
+            }
+            lc->conn++;
+        }
+        ngx_log_debug2(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
+                       "limit conn: %08Xi %d", node->key, lc->conn);
+        ngx_shmtx_unlock(&shpool->mutex);
+        cln = ngx_pool_cleanup_add(s->connection->pool,
+                                   sizeof(ngx_stream_limit_conn_cleanup_t));
+        if (cln == NULL) {
+            return NGX_ERROR;
+        }
+        cln->handler = ngx_stream_limit_conn_cleanup;
+        lccln = cln->data;
+        lccln->shm_zone = limits[i].shm_zone;
+        lccln->node = node;
+    }
+    return NGX_DECLINED;
+}
+static void
+ngx_stream_limit_conn_rbtree_insert_value(ngx_rbtree_node_t *temp,
+    ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
+{
+    ngx_rbtree_node_t             **p;
+    ngx_stream_limit_conn_node_t   *lcn, *lcnt;
+    for ( ;; ) {
+        if (node->key < temp->key) {
+            p = &temp->left;
+        } else if (node->key > temp->key) {
+            p = &temp->right;
+        } else { /* node->key == temp->key */
+            lcn = (ngx_stream_limit_conn_node_t *) &node->color;
+            lcnt = (ngx_stream_limit_conn_node_t *) &temp->color;
+            p = (ngx_memn2cmp(lcn->data, lcnt->data, lcn->len, lcnt->len) < 0)
+                ? &temp->left : &temp->right;
+        }
+        if (*p == sentinel) {
+            break;
+        }
+        temp = *p;
+    }
+    *p = node;
+    node->parent = temp;
+    node->left = sentinel;
+    node->right = sentinel;
+    ngx_rbt_red(node);
+}
+static ngx_rbtree_node_t *
+ngx_stream_limit_conn_lookup(ngx_rbtree_t *rbtree, ngx_str_t *key,
+    uint32_t hash)
+{
+    ngx_int_t                      rc;
+    ngx_rbtree_node_t             *node, *sentinel;
+    ngx_stream_limit_conn_node_t  *lcn;
+    node = rbtree->root;
+    sentinel = rbtree->sentinel;
+    while (node != sentinel) {
+        if (hash < node->key) {
+            node = node->left;
+            continue;
+        }
+        if (hash > node->key) {
+            node = node->right;
+            continue;
+        }
+        /* hash == node->key */
+        lcn = (ngx_stream_limit_conn_node_t *) &node->color;
+        rc = ngx_memn2cmp(key->data, lcn->data, key->len, (size_t) lcn->len);
+        if (rc == 0) {
+            return node;
+        }
+        node = (rc < 0) ? node->left : node->right;
+    }
+    return NULL;
+}
+static void
+ngx_stream_limit_conn_cleanup(void *data)
+{
+    ngx_stream_limit_conn_cleanup_t  *lccln = data;
+    ngx_slab_pool_t               *shpool;
+    ngx_rbtree_node_t             *node;
+    ngx_stream_limit_conn_ctx_t   *ctx;
+    ngx_stream_limit_conn_node_t  *lc;
+    ctx = lccln->shm_zone->data;
+    shpool = (ngx_slab_pool_t *) lccln->shm_zone->shm.addr;
+    node = lccln->node;
+    lc = (ngx_stream_limit_conn_node_t *) &node->color;
+    ngx_shmtx_lock(&shpool->mutex);
+    ngx_log_debug2(NGX_LOG_DEBUG_STREAM, lccln->shm_zone->shm.log, 0,
+                   "limit conn cleanup: %08Xi %d", node->key, lc->conn);
+    lc->conn--;
+    if (lc->conn == 0) {
+        ngx_rbtree_delete(ctx->rbtree, node);
+        ngx_slab_free_locked(shpool, node);
+    }
+    ngx_shmtx_unlock(&shpool->mutex);
+}
+static ngx_inline void
+ngx_stream_limit_conn_cleanup_all(ngx_pool_t *pool)
+{
+    ngx_pool_cleanup_t  *cln;
+    cln = pool->cleanup;
+    while (cln && cln->handler == ngx_stream_limit_conn_cleanup) {
+        ngx_stream_limit_conn_cleanup(cln->data);
+        cln = cln->next;
+    }
+    pool->cleanup = cln;
+}
+static ngx_int_t
+ngx_stream_limit_conn_init_zone(ngx_shm_zone_t *shm_zone, void *data)
+{
+    ngx_stream_limit_conn_ctx_t  *octx = data;
+    size_t                        len;
+    ngx_slab_pool_t              *shpool;
+    ngx_rbtree_node_t            *sentinel;
+    ngx_stream_limit_conn_ctx_t  *ctx;
+    ctx = shm_zone->data;
+    if (octx) {
+        ctx->rbtree = octx->rbtree;
+        return NGX_OK;
+    }
+    shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
+    if (shm_zone->shm.exists) {
+        ctx->rbtree = shpool->data;
+        return NGX_OK;
+    }
+    ctx->rbtree = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_t));
+    if (ctx->rbtree == NULL) {
+        return NGX_ERROR;
+    }
+    shpool->data = ctx->rbtree;
+    sentinel = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_node_t));
+    if (sentinel == NULL) {
+        return NGX_ERROR;
+    }
+    ngx_rbtree_init(ctx->rbtree, sentinel,
+                    ngx_stream_limit_conn_rbtree_insert_value);
+    len = sizeof(" in limit_conn_zone \"\"") + shm_zone->shm.name.len;
+    shpool->log_ctx = ngx_slab_alloc(shpool, len);
+    if (shpool->log_ctx == NULL) {
+        return NGX_ERROR;
+    }
+    ngx_sprintf(shpool->log_ctx, " in limit_conn_zone \"%V\"%Z",
+                &shm_zone->shm.name);
+    return NGX_OK;
+}
+static void *
+ngx_stream_limit_conn_create_conf(ngx_conf_t *cf)
+{
+    ngx_stream_limit_conn_conf_t  *conf;
+    conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_limit_conn_conf_t));
+    if (conf == NULL) {
+        return NULL;
+    }
+    /*
+     * set by ngx_pcalloc():
+     *
+     *     conf->limits.elts = NULL;
+     */
+    conf->log_level = NGX_CONF_UNSET_UINT;
+    return conf;
+}
+static char *
+ngx_stream_limit_conn_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+    ngx_stream_limit_conn_conf_t *prev = parent;
+    ngx_stream_limit_conn_conf_t *conf = child;
+    if (conf->limits.elts == NULL) {
+        conf->limits = prev->limits;
+    }
+    ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR);
+    return NGX_CONF_OK;
+}
+static char *
+ngx_stream_limit_conn_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    u_char                       *p;
+    ssize_t                       size;
+    ngx_str_t                    *value, name, s;
+    ngx_uint_t                    i;
+    ngx_shm_zone_t               *shm_zone;
+    ngx_stream_limit_conn_ctx_t  *ctx;
+    value = cf->args->elts;
+    ctx = ngx_pcalloc(cf->pool, sizeof(ngx_stream_limit_conn_ctx_t));
+    if (ctx == NULL) {
+        return NGX_CONF_ERROR;
+    }
+    size = 0;
+    name.len = 0;
+    for (i = 2; i < cf->args->nelts; i++) {
+        if (ngx_strncmp(value[i].data, "zone=", 5) == 0) {
+            name.data = value[i].data + 5;
+            p = (u_char *) ngx_strchr(name.data, ':');
+            if (p == NULL) {
+                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                                   "invalid zone size \"%V\"", &value[i]);
+                return NGX_CONF_ERROR;
+            }
+            name.len = p - name.data;
+            s.data = p + 1;
+            s.len = value[i].data + value[i].len - s.data;
+            size = ngx_parse_size(&s);
+            if (size == NGX_ERROR) {
+                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                                   "invalid zone size \"%V\"", &value[i]);
+                return NGX_CONF_ERROR;
+            }
+            if (size < (ssize_t) (8 * ngx_pagesize)) {
+                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                                   "zone \"%V\" is too small", &value[i]);
+                return NGX_CONF_ERROR;
+            }
+            continue;
+        }
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid parameter \"%V\"", &value[i]);
+        return NGX_CONF_ERROR;
+    }
+    if (name.len == 0) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "\"%V\" must have \"zone\" parameter",
+                           &cmd->name);
+        return NGX_CONF_ERROR;
+    }
+    shm_zone = ngx_shared_memory_add(cf, &name, size,
+                                     &ngx_stream_limit_conn_module);
+    if (shm_zone == NULL) {
+        return NGX_CONF_ERROR;
+    }
+    if (shm_zone->data) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "%V \"%V\" is already bound to key "
+                           "\"$binary_remote_addr\"",
+                           &cmd->name, &name);
+        return NGX_CONF_ERROR;
+    }
+    if (ngx_strcmp(value[1].data, "$binary_remote_addr") != 0) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "unsupported key \"%V\", use "
+                           "$binary_remote_addr", &value[1]);
+        return NGX_CONF_ERROR;
+    }
+    shm_zone->init = ngx_stream_limit_conn_init_zone;
+    shm_zone->data = ctx;
+    return NGX_CONF_OK;
+}
+static char *
+ngx_stream_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_shm_zone_t                 *shm_zone;
+    ngx_stream_limit_conn_conf_t   *lccf = conf;
+    ngx_stream_limit_conn_limit_t  *limit, *limits;
+    ngx_str_t   *value;
+    ngx_int_t    n;
+    ngx_uint_t   i;
+    value = cf->args->elts;
+    shm_zone = ngx_shared_memory_add(cf, &value[1], 0,
+                                     &ngx_stream_limit_conn_module);
+    if (shm_zone == NULL) {
+        return NGX_CONF_ERROR;
+    }
+    limits = lccf->limits.elts;
+    if (limits == NULL) {
+        if (ngx_array_init(&lccf->limits, cf->pool, 1,
+                           sizeof(ngx_stream_limit_conn_limit_t))
+            != NGX_OK)
+        {
+            return NGX_CONF_ERROR;
+        }
+    }
+    for (i = 0; i < lccf->limits.nelts; i++) {
+        if (shm_zone == limits[i].shm_zone) {
+            return "is duplicate";
+        }
+    }
+    n = ngx_atoi(value[2].data, value[2].len);
+    if (n <= 0) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid number of connections \"%V\"", &value[2]);
+        return NGX_CONF_ERROR;
+    }
+    if (n > 65535) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "connection limit must be less 65536");
+        return NGX_CONF_ERROR;
+    }
+    limit = ngx_array_push(&lccf->limits);
+    if (limit == NULL) {
+        return NGX_CONF_ERROR;
+    }
+    limit->conn = n;
+    limit->shm_zone = shm_zone;
+    return NGX_CONF_OK;
+}
+static ngx_int_t
+ngx_stream_limit_conn_init(ngx_conf_t *cf)
+{
+    ngx_stream_core_main_conf_t  *cmcf;
+    cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
+    cmcf->limit_conn_handler = ngx_stream_limit_conn_handler;
+    return NGX_OK;
+}