LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3660 Commits
1 Branch
46 MiB
Tree: 94f87dc1e1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '94f87dc1e1'
${ noResults }
openwrt-packages-dist/net/nginx/patches/400-nginx-1.4.x_proxy_proto...

1183 lines
34 KiB
Raw Normal View History

nginx: import from packages, add myself as the maintainer This adds the nginx package from the old svn package fee. I adopt the licensing information and will maintain the package in the future. This request also updates nginx to the last stable version 1.4.7. It further adds support for - naxsi (the ngix web application firewall) - syslog module - http upstream check module - support for the haproxy Proxy Protocol (this way nginx can see the real ip address behind haproxy) Building was tested with target x86_64, ar71xx and avr32. Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
10 years ago
 
  1. Index: nginx-1.4.7/auto/modules

  2. ===================================================================

  3. --- nginx-1.4.7.orig/auto/modules

  4. +++ nginx-1.4.7/auto/modules

  5. @@ -297,6 +297,10 @@ if [ $HTTP_SSL = YES ]; then

  6.      HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS"
  7.  fi
  8.  
  9. +if [ $PROXY_PROTOCOL = YES ]; then

  10. +    have=NGX_PROXY_PROTOCOL . auto/have

  11. +fi

  12. +

  13.  if [ $HTTP_PROXY = YES ]; then
  14.      have=NGX_HTTP_X_FORWARDED_FOR . auto/have
  15.      #USE_MD5=YES
  16. Index: nginx-1.4.7/auto/options

  17. ===================================================================

  18. --- nginx-1.4.7.orig/auto/options

  19. +++ nginx-1.4.7/auto/options

  20. @@ -47,6 +47,8 @@ USE_THREADS=NO

  21.  NGX_FILE_AIO=NO
  22.  NGX_IPV6=NO
  23.  
  24. +PROXY_PROTOCOL=NO

  25. +

  26.  HTTP=YES
  27.  
  28.  NGX_HTTP_LOG_PATH=
  29. @@ -192,6 +194,8 @@ do

  30.          --with-file-aio)                 NGX_FILE_AIO=YES           ;;
  31.          --with-ipv6)                     NGX_IPV6=YES               ;;
  32.  
  33. +        --with-proxy-protocol)           PROXY_PROTOCOL=YES         ;;

  34. +

  35.          --without-http)                  HTTP=NO                    ;;
  36.          --without-http-cache)            HTTP_CACHE=NO              ;;
  37.  
  38. @@ -350,6 +354,8 @@ cat << END

  39.    --with-file-aio                    enable file AIO support
  40.    --with-ipv6                        enable IPv6 support
  41.  
  42. +  --with-proxy-protocol              enable proxy protocol support

  43. +

  44.    --with-http_ssl_module             enable ngx_http_ssl_module
  45.    --with-http_spdy_module            enable ngx_http_spdy_module
  46.    --with-http_realip_module          enable ngx_http_realip_module
  47. Index: nginx-1.4.7/auto/sources

  48. ===================================================================

  49. --- nginx-1.4.7.orig/auto/sources

  50. +++ nginx-1.4.7/auto/sources

  51. @@ -36,7 +36,8 @@ CORE_DEPS="src/core/nginx.h \

  52.             src/core/ngx_conf_file.h \
  53.             src/core/ngx_resolver.h \
  54.             src/core/ngx_open_file_cache.h \
  55. -           src/core/ngx_crypt.h"

  56. +           src/core/ngx_crypt.h \

  57. +           src/core/ngx_proxy_protocol.h"

  58.  
  59.  
  60.  CORE_SRCS="src/core/nginx.c \
  61. @@ -67,7 +68,8 @@ CORE_SRCS="src/core/nginx.c \

  62.             src/core/ngx_conf_file.c \
  63.             src/core/ngx_resolver.c \
  64.             src/core/ngx_open_file_cache.c \
  65. -           src/core/ngx_crypt.c"

  66. +           src/core/ngx_crypt.c \

  67. +           src/core/ngx_proxy_protocol.c"

  68.  
  69.  
  70.  REGEX_MODULE=ngx_regex_module
  71. Index: nginx-1.4.7/src/core/ngx_connection.h

  72. ===================================================================

  73. --- nginx-1.4.7.orig/src/core/ngx_connection.h

  74. +++ nginx-1.4.7/src/core/ngx_connection.h

  75. @@ -63,6 +63,10 @@ struct ngx_listening_s {

  76.      unsigned            shared:1;    /* shared between threads or processes */
  77.      unsigned            addr_ntop:1;
  78.  
  79. +#if (NGX_PROXY_PROTOCOL)

  80. +    unsigned            accept_proxy_protocol:2; /* proxy_protocol flag */

  81. +#endif

  82. +

  83.  #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
  84.      unsigned            ipv6only:1;
  85.  #endif
  86. @@ -148,6 +152,10 @@ struct ngx_connection_s {

  87.  
  88.      ngx_uint_t          requests;
  89.  
  90. +#if (NGX_PROXY_PROTOCOL)

  91. +    ngx_uint_t          proxy_protocol;

  92. +#endif

  93. +

  94.      unsigned            buffered:8;
  95.  
  96.      unsigned            log_error:3;     /* ngx_connection_log_error_e */
  97. Index: nginx-1.4.7/src/core/ngx_core.h

  98. ===================================================================

  99. --- nginx-1.4.7.orig/src/core/ngx_core.h

  100. +++ nginx-1.4.7/src/core/ngx_core.h

  101. @@ -77,6 +77,9 @@ typedef void (*ngx_connection_handler_pt

  102.  #include <ngx_open_file_cache.h>
  103.  #include <ngx_os.h>
  104.  #include <ngx_connection.h>
  105. +#if (NGX_PROXY_PROTOCOL)

  106. +#include <ngx_proxy_protocol.h>

  107. +#endif

  108.  
  109.  
  110.  #define LF     (u_char) 10
  111. Index: nginx-1.4.7/src/core/ngx_proxy_protocol.c

  112. ===================================================================

  113. --- /dev/null

  114. +++ nginx-1.4.7/src/core/ngx_proxy_protocol.c

  115. @@ -0,0 +1,430 @@

  116. +

  117. +/*

  118. + * Copyright (C) Baptiste Assmann

  119. + * Copyright (C) Exceliance

  120. + */

  121. +

  122. +

  123. +#include <ngx_config.h>

  124. +#include <ngx_core.h>

  125. +#include <ngx_event.h>

  126. +

  127. +#if (NGX_PROXY_PROTOCOL)

  128. +

  129. +int

  130. +ngx_recv_proxy_protocol(ngx_connection_t *c, u_char *buf, ssize_t n)

  131. +{

  132. +    u_char *end, *p, *t;

  133. +    size_t len;

  134. +    ssize_t s;

  135. +    int step = 0;

  136. +    ngx_proxy_protocol_t pp;

  137. +

  138. +    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "processing proxy protocol");

  139. +

  140. +    /* 16 is the minimal length of the proxy protocol string */

  141. +    if (n < 18) {

  142. +        step = 1;

  143. +        goto fail;

  144. +    }

  145. +

  146. +    s = n;

  147. +    end = memchr(buf, '\n', n);

  148. +    if (end == NULL) {

  149. +        step = 2;

  150. +        goto fail;

  151. +    }

  152. +

  153. +    p = buf;

  154. +    if (memcmp(p, "PROXY ", 6) != 0) {

  155. +        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,

  156. +            "incorrect proxy protocol header string");

  157. +        step = 3;

  158. +        goto fail;

  159. +    }

  160. +    p += 6;

  161. +    s -= 6;

  162. +    if (s <= 0) {

  163. +        step = 4;

  164. +        goto fail;

  165. +    }

  166. +

  167. +    ngx_memzero(&pp, sizeof(ngx_proxy_protocol_t));

  168. +

  169. +    if (memcmp(p, "TCP4 ", 5) == 0) {

  170. +        struct sockaddr_in *sin_src;

  171. +        struct sockaddr_in *sin_dst;

  172. +

  173. +        pp.pp_proto = NGX_PP_PROTO_TCP4;

  174. +        pp.pp_src3.ss_family = AF_INET;

  175. +        pp.pp_dst3.ss_family = AF_INET;

  176. +        sin_src = (struct sockaddr_in *) &pp.pp_src3;

  177. +        sin_dst = (struct sockaddr_in *) &pp.pp_dst3;

  178. +

  179. +        p += 5;

  180. +        s -= 5;

  181. +        if (s <= 0) {

  182. +            step = 5;

  183. +            goto fail;

  184. +        }

  185. +

  186. +        /* l3 source address */

  187. +        if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) {

  188. +            step = 6;

  189. +            goto fail;

  190. +        }

  191. +        len = t - p;

  192. +        if ((sin_src->sin_addr.s_addr = ngx_inet_addr(p, len)) == INADDR_NONE) {

  193. +            step = 7;

  194. +            goto fail;

  195. +        }

  196. +        pp.pp_src3_text.data = ngx_pcalloc(c->pool, len + 1);

  197. +        ngx_memcpy(pp.pp_src3_text.data, p, len);

  198. +        pp.pp_src3_text.len = len;

  199. +

  200. +        p += (len + 1);

  201. +        s -= (len + 1);

  202. +        if (s <= 0) {

  203. +            step = 8;

  204. +            goto fail;

  205. +        }

  206. +

  207. +        /* l3 destination address */

  208. +        if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) {

  209. +            step = 9;

  210. +            goto fail;

  211. +        }

  212. +        len = t - p;

  213. +        if ((sin_dst->sin_addr.s_addr = ngx_inet_addr(p, len)) == INADDR_NONE) {

  214. +            step = 10;

  215. +            goto fail;

  216. +        }

  217. +// FIXME pointer shift ???

  218. +        pp.pp_dst3_text.data = ngx_pcalloc(c->pool, len + 1);

  219. +        ngx_memcpy(pp.pp_dst3_text.data, p, len);

  220. +        pp.pp_dst3_text.len = len;

  221. +

  222. +        p += (len + 1);

  223. +        s -= (len + 1);

  224. +        if (s <= 0) {

  225. +            step = 11;

  226. +            goto fail;

  227. +        }

  228. +

  229. +        /* l4 source port */

  230. +        if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) {

  231. +            step = 12;

  232. +            goto fail;

  233. +        }

  234. +        len = t - p;

  235. +        pp.pp_src4 = ngx_atoi(p, len);

  236. +        if ((pp.pp_src4 < 1024)

  237. +                || (pp.pp_src4 > 65535)) {

  238. +            step = 13;

  239. +            goto fail;

  240. +        }

  241. +        sin_src->sin_port = htons(pp.pp_src4);

  242. +

  243. +        p += (len + 1);

  244. +        s -= (len + 1);

  245. +        if (s <= 0) {

  246. +            step = 14;

  247. +            goto fail;

  248. +        }

  249. +

  250. +        /* l4 destination port */

  251. +        if ( (t = (u_char *)memchr(p, '\r', s)) == NULL ) {

  252. +            step = 15;

  253. +            goto fail;

  254. +        }

  255. +        len = t - p;

  256. +        pp.pp_dst4 = ngx_atoi(p, len);

  257. +        if (pp.pp_dst4 > 65535) {

  258. +            step = 16;

  259. +            goto fail;

  260. +        }

  261. +        sin_dst->sin_port = htons(pp.pp_dst4);

  262. +

  263. +        if (p[len + 1] != '\n') {

  264. +            step = 17;

  265. +            goto fail;

  266. +        }

  267. +

  268. +        p += (len + 2);

  269. +        s -= (len + 2);

  270. +

  271. +

  272. +        /* if we managed to get there, then we can safely replace the

  273. +         * information in the connection structure

  274. +         */

  275. +

  276. +        /* updating connection with source information provided by proxy protocol */

  277. +        if (pp.pp_src3_text.len > c->addr_text.len) {

  278. +            ngx_pfree(c->pool, c->addr_text.data);

  279. +            c->addr_text.data = ngx_pcalloc(c->pool, pp.pp_src3_text.len);

  280. +        } else {

  281. +            ngx_memzero(c->addr_text.data, c->addr_text.len);

  282. +        }

  283. +        ngx_memcpy(c->addr_text.data, pp.pp_src3_text.data, pp.pp_src3_text.len);

  284. +        c->addr_text.len = pp.pp_src3_text.len;

  285. +

  286. +        ngx_pfree(c->pool, c->sockaddr);

  287. +        c->socklen = NGX_SOCKADDRLEN;

  288. +        c->sockaddr = ngx_pcalloc(c->pool, c->socklen);

  289. +        ngx_memcpy(c->sockaddr, sin_src, c->socklen);

  290. +

  291. +        if (c->sockaddr->sa_family != AF_INET) {

  292. +            ngx_pfree(c->pool, c->sockaddr);

  293. +            c->socklen = NGX_SOCKADDRLEN;

  294. +            c->sockaddr = ngx_pcalloc(c->pool, c->socklen);

  295. +        } else {

  296. +            ngx_memzero(c->sockaddr, sizeof(struct sockaddr_in));

  297. +            c->socklen = NGX_SOCKADDRLEN;

  298. +        }

  299. +        ngx_memcpy(c->sockaddr, sin_src, c->socklen);

  300. +

  301. +        /* updating connection with destination information provided by proxy protocol */

  302. +        ngx_pfree(c->pool, c->local_sockaddr);

  303. +        c->local_sockaddr = ngx_pcalloc(c->pool, NGX_SOCKADDRLEN);

  304. +        ngx_memcpy(c->local_sockaddr, sin_dst, NGX_SOCKADDRLEN);

  305. +

  306. +    }

  307. +

  308. +#if (NGX_HAVE_INET6)

  309. +

  310. +     else if (memcmp(p, "TCP6 ", 5) == 0) {

  311. +

  312. +        struct sockaddr_in6 *sin6_src;

  313. +        struct sockaddr_in6 *sin6_dst;

  314. +

  315. +        pp.pp_proto = NGX_PP_PROTO_TCP6;

  316. +        pp.pp_src3.ss_family = AF_INET6;

  317. +        pp.pp_dst3.ss_family = AF_INET6;

  318. +        sin6_src = (struct sockaddr_in6 *) &pp.pp_src3;

  319. +        sin6_dst = (struct sockaddr_in6 *) &pp.pp_dst3;

  320. +

  321. +        p += 5;

  322. +        s -= 5;

  323. +        if (s <= 0) {

  324. +            step = 18;

  325. +            goto fail;

  326. +        }

  327. +

  328. +        /* l3 source address */

  329. +        if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) {

  330. +            step = 19;

  331. +            goto fail;

  332. +        }

  333. +        len = t - p;

  334. +        if (ngx_inet6_addr(p, len, sin6_src->sin6_addr.s6_addr) != NGX_OK) {

  335. +            step = 20;

  336. +            goto fail;

  337. +        }

  338. +        pp.pp_src3_text.data = ngx_pcalloc(c->pool, len + 1);

  339. +        ngx_memcpy(pp.pp_src3_text.data, p, len);

  340. +        pp.pp_src3_text.len = len;

  341. +

  342. +        p += (len + 1);

  343. +        s -= (len + 1);

  344. +        if (s <= 0) {

  345. +            step = 21;

  346. +            goto fail;

  347. +        }

  348. +

  349. +        /* l3 destination address */

  350. +        if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) {

  351. +            step = 22;

  352. +            goto fail;

  353. +        }

  354. +        len = t - p;

  355. +        if (ngx_inet6_addr(p, len, sin6_dst->sin6_addr.s6_addr) != NGX_OK) {

  356. +            step = 23;

  357. +            goto fail;

  358. +        }

  359. +        pp.pp_dst3_text.data = ngx_pcalloc(c->pool, len + 1);

  360. +        ngx_memcpy(pp.pp_dst3_text.data, p, len);

  361. +        pp.pp_dst3_text.len = len;

  362. +

  363. +        p += (len + 1);

  364. +        s -= (len + 1);

  365. +        if (s <= 0) {

  366. +            step = 24;

  367. +            goto fail;

  368. +        }

  369. +

  370. +        /* l4 source port */

  371. +        if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) {

  372. +            step = 25;

  373. +            goto fail;

  374. +        }

  375. +        len = t - p;

  376. +        pp.pp_src4 = ngx_atoi(p, len);

  377. +        if ((pp.pp_src4 < 1024)

  378. +                || (pp.pp_src4 > 65535)) {

  379. +            step = 26;

  380. +            goto fail;

  381. +        }

  382. +        sin6_src->sin6_port = htons(pp.pp_src4);

  383. +

  384. +        p += (len + 1);

  385. +        s -= (len + 1);

  386. +        if (s <= 0) {

  387. +            step = 27;

  388. +            goto fail;

  389. +        }

  390. +

  391. +        /* l4 destination port */

  392. +        if ( (t = (u_char *)memchr(p, '\r', s)) == NULL ) {

  393. +            step = 28;

  394. +            goto fail;

  395. +        }

  396. +        len = t - p;

  397. +        pp.pp_dst4 = ngx_atoi(p, len);

  398. +        if (pp.pp_dst4 > 65535) {

  399. +            step = 29;

  400. +            goto fail;

  401. +        }

  402. +        sin6_dst->sin6_port = htons(pp.pp_dst4);

  403. +

  404. +        if (p[len + 1] != '\n') {

  405. +            step = 30;

  406. +            goto fail;

  407. +        }

  408. +

  409. +        p += (len + 2);

  410. +        s -= (len + 2);

  411. +

  412. +        /* if we managed to get there, then we can safely replace the

  413. +         * information in the connection structure

  414. +         */

  415. +

  416. +        /* updating connection with source provided by proxy protocol */

  417. +        if (pp.pp_src3_text.len > c->addr_text.len) {

  418. +            ngx_pfree(c->pool, c->addr_text.data);

  419. +            c->addr_text.data = ngx_pcalloc(c->pool, pp.pp_src3_text.len);

  420. +        } else {

  421. +            ngx_memzero(c->addr_text.data, c->addr_text.len);

  422. +        }

  423. +        ngx_memcpy(c->addr_text.data, pp.pp_src3_text.data, pp.pp_src3_text.len);

  424. +        c->addr_text.len = pp.pp_src3_text.len;

  425. +

  426. +        ngx_pfree(c->pool, c->sockaddr);

  427. +        c->socklen = NGX_SOCKADDRLEN;

  428. +        c->sockaddr = ngx_pcalloc(c->pool, c->socklen);

  429. +        ngx_memcpy(c->sockaddr, sin6_src, c->socklen);

  430. +

  431. +        /* updating connection with destination provided by proxy protocol */

  432. +        if (c->sockaddr->sa_family != AF_INET6) {

  433. +            ngx_pfree(c->pool, c->local_sockaddr);

  434. +            c->local_sockaddr = ngx_pcalloc(c->pool, NGX_SOCKADDRLEN);

  435. +        } else {

  436. +            ngx_memzero(c->sockaddr, sizeof(struct sockaddr_in6));

  437. +            c->socklen = NGX_SOCKADDRLEN;

  438. +        }

  439. +//        ngx_memcpy(c->local_sockaddr, sin6_dst, NGX_SOCKADDRLEN);

  440. +//FIXME must be finished here

  441. +

  442. +    }

  443. +

  444. +#endif

  445. +

  446. +    else {

  447. +        step = 31;

  448. +        goto fail;

  449. +    }

  450. +

  451. +    ngx_print_proxy_protocol(&pp, c->log);

  452. +

  453. +    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,

  454. +            "proxy_protocol, asking to remove %z chars",

  455. +            end + 1 - buf);

  456. +

  457. +    return (end + 1 - buf);

  458. +

  459. +fail:

  460. +    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,

  461. +            "proxy_protocol error at step: %d", step);

  462. +

  463. +    return 0;

  464. +

  465. +}

  466. +

  467. +

  468. +void

  469. +ngx_print_proxy_protocol(ngx_proxy_protocol_t *p, ngx_log_t *log)

  470. +{

  471. +    switch (p->pp_proto) {

  472. +        case NGX_PP_PROTO_TCP4:

  473. +           ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,

  474. +               "proxy_protocol, proto: TCP4");

  475. +        break;

  476. +        case NGX_PP_PROTO_TCP6:

  477. +           ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,

  478. +               "proxy_protocol, proto: TCP6");

  479. +       break;

  480. +   }

  481. +

  482. +    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0,

  483. +       "proxy_protocol, string length: %d", ngx_proxy_protocol_string_length(p));

  484. +    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,

  485. +       "proxy_protocol, src3: %s, %d", p->pp_src3_text.data, p->pp_src3_text.len);

  486. +    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,

  487. +       "proxy_protocol, dst3: %s, %d", p->pp_dst3_text.data, p->pp_dst3_text.len);

  488. +    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0,

  489. +       "proxy_protocol, src4: %d", p->pp_src4);

  490. +    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0,

  491. +       "proxy_protocol, dst4: %d", p->pp_dst4);

  492. +}

  493. +

  494. +

  495. +int

  496. +ngx_proxy_protocol_string_length(ngx_proxy_protocol_t *p)

  497. +{

  498. +    int len = 0;

  499. +

  500. +    /* 'PROXY ' */

  501. +    len += (sizeof("PROXY ") - 1);

  502. +

  503. +    /* protocol version (TCP4 or TCP6) + space */

  504. +    len += (sizeof("TCP0 ") - 1);

  505. +

  506. +    /* src3 + space */

  507. +    len += p->pp_src3_text.len;

  508. +    len += 1;

  509. +

  510. +    /* dst3 + space */

  511. +    len += p->pp_dst3_text.len;

  512. +    len += 1;

  513. +

  514. +    /* src4 */

  515. +    if (p->pp_src4 < 10000)

  516. +        /* 4 digits + 1 space */

  517. +        len += (sizeof("0000 ") - 1);

  518. +    else

  519. +        /* 5 digits + 1 space */

  520. +        len += (sizeof("00000 ") - 1);

  521. +

  522. +    /* dst4 */

  523. +    if (p->pp_dst4 >= 10000)

  524. +        /* 5 digits */

  525. +        len += (sizeof("00000 ") - 1);

  526. +    else if (p->pp_dst4 >= 1000)

  527. +        /* 4 digits */

  528. +        len += (sizeof("0000 ") - 1);

  529. +    else if (p->pp_dst4 >= 100)

  530. +        /* 3 digits */

  531. +        len += (sizeof("000 ") - 1);

  532. +    else if (p->pp_dst4 >= 10)

  533. +        /* 2 digits */

  534. +        len += (sizeof("00 ") - 1);

  535. +    else

  536. +        /* 1 digit */

  537. +        len += (sizeof("0 ") - 1);

  538. +

  539. +    /* CRLF */

  540. +    len += (sizeof(CRLF) - 1);

  541. +

  542. +    return len - 1;

  543. +}

  544. +

  545. +#endif

  546. Index: nginx-1.4.7/src/core/ngx_proxy_protocol.h

  547. ===================================================================

  548. --- /dev/null

  549. +++ nginx-1.4.7/src/core/ngx_proxy_protocol.h

  550. @@ -0,0 +1,45 @@

  551. +

  552. +/*

  553. + * Copyright (C) Baptiste Assmann

  554. + * Copyright (C) Exceliance

  555. + */

  556. +

  557. +

  558. +#ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_

  559. +#define _NGX_PROXY_PROTOCOL_H_INCLUDED_

  560. +

  561. +

  562. +#include <ngx_config.h>

  563. +#include <ngx_core.h>

  564. +

  565. +

  566. +#if (NGX_PROXY_PROTOCOL)

  567. +

  568. +typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;

  569. +

  570. +typedef enum {

  571. +    NGX_PP_PROTO_TCP4 = 1,

  572. +    NGX_PP_PROTO_TCP6

  573. +} ngx_pp_proto;

  574. +

  575. +

  576. +struct ngx_proxy_protocol_s {

  577. +    unsigned int	    pp_proto;	/* proxy protocol related information */

  578. +    struct sockaddr_storage pp_src3;

  579. +    ngx_str_t		    pp_src3_text;

  580. +    struct sockaddr_storage pp_dst3;

  581. +    ngx_str_t		    pp_dst3_text;

  582. +    unsigned int	    pp_src4;

  583. +    unsigned int	    pp_dst4;

  584. +};

  585. +

  586. +

  587. +int  ngx_recv_proxy_protocol(ngx_connection_t *, u_char *, ssize_t);

  588. +void ngx_print_proxy_protocol(ngx_proxy_protocol_t *, ngx_log_t *);

  589. +int  ngx_proxy_protocol_string_length(ngx_proxy_protocol_t *);

  590. +

  591. +

  592. +#endif

  593. +

  594. +#endif /* _NGX_CONNECTION_H_INCLUDED_ */

  595. +

  596. Index: nginx-1.4.7/src/http/modules/ngx_http_proxy_module.c

  597. ===================================================================

  598. --- nginx-1.4.7.orig/src/http/modules/ngx_http_proxy_module.c

  599. +++ nginx-1.4.7/src/http/modules/ngx_http_proxy_module.c

  600. @@ -8,7 +8,9 @@

  601.  #include <ngx_config.h>
  602.  #include <ngx_core.h>
  603.  #include <ngx_http.h>
  604. -

  605. +#if (NGX_PROXY_PROTOCOL)

  606. +#include <ngx_proxy_protocol.h>

  607. +#endif

  608.  
  609.  typedef struct ngx_http_proxy_rewrite_s  ngx_http_proxy_rewrite_t;
  610.  
  611. @@ -365,6 +367,17 @@ static ngx_command_t  ngx_http_proxy_com

  612.        offsetof(ngx_http_proxy_loc_conf_t, upstream.busy_buffers_size_conf),
  613.        NULL },
  614.  
  615. +#if (NGX_PROXY_PROTOCOL)

  616. +

  617. +    { ngx_string("send_proxy_protocol"),

  618. +      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,

  619. +      ngx_conf_set_flag_slot,

  620. +      NGX_HTTP_LOC_CONF_OFFSET,

  621. +      offsetof(ngx_http_proxy_loc_conf_t, upstream.send_proxy_protocol),

  622. +      NULL },

  623. +

  624. +#endif

  625. +

  626.  #if (NGX_HTTP_CACHE)
  627.  
  628.      { ngx_string("proxy_cache"),
  629. @@ -2420,6 +2433,11 @@ ngx_http_proxy_create_loc_conf(ngx_conf_

  630.      conf->upstream.pass_headers = NGX_CONF_UNSET_PTR;
  631.  
  632.      conf->upstream.intercept_errors = NGX_CONF_UNSET;
  633. +

  634. +#if (NGX_PROXY_PROTOCOL)

  635. +    conf->upstream.send_proxy_protocol = NGX_CONF_UNSET;

  636. +#endif

  637. +

  638.  #if (NGX_HTTP_SSL)
  639.      conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
  640.  #endif
  641. @@ -2695,6 +2713,11 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t

  642.      ngx_conf_merge_value(conf->upstream.intercept_errors,
  643.                                prev->upstream.intercept_errors, 0);
  644.  
  645. +#if (NGX_PROXY_PROTOCOL)

  646. +    ngx_conf_merge_value(conf->upstream.send_proxy_protocol,

  647. +                              prev->upstream.send_proxy_protocol, 0);

  648. +#endif

  649. +

  650.  #if (NGX_HTTP_SSL)
  651.      ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
  652.                                prev->upstream.ssl_session_reuse, 1);
  653. Index: nginx-1.4.7/src/http/ngx_http.c

  654. ===================================================================

  655. --- nginx-1.4.7.orig/src/http/ngx_http.c

  656. +++ nginx-1.4.7/src/http/ngx_http.c

  657. @@ -1228,6 +1228,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, n

  658.  #if (NGX_HTTP_SPDY)
  659.      ngx_uint_t             spdy;
  660.  #endif
  661. +#if (NGX_PROXY_PROTOCOL)

  662. +    ngx_uint_t             accept_proxy_protocol;

  663. +#endif

  664.  
  665.      /*
  666.       * we cannot compare whole sockaddr struct's as kernel
  667. @@ -1283,6 +1286,10 @@ ngx_http_add_addresses(ngx_conf_t *cf, n

  668.  #if (NGX_HTTP_SPDY)
  669.          spdy = lsopt->spdy || addr[i].opt.spdy;
  670.  #endif
  671. +#if (NGX_PROXY_PROTOCOL)

  672. +        accept_proxy_protocol = lsopt->accept_proxy_protocol

  673. +                                || addr[i].opt.accept_proxy_protocol;

  674. +#endif

  675.  
  676.          if (lsopt->set) {
  677.  
  678. @@ -1316,6 +1323,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, n

  679.  #if (NGX_HTTP_SPDY)
  680.          addr[i].opt.spdy = spdy;
  681.  #endif
  682. +#if (NGX_PROXY_PROTOCOL)

  683. +        addr[i].opt.accept_proxy_protocol = accept_proxy_protocol;

  684. +#endif

  685.  
  686.          return NGX_OK;
  687.      }
  688. @@ -1762,6 +1772,11 @@ ngx_http_add_listening(ngx_conf_t *cf, n

  689.      ls->pool_size = cscf->connection_pool_size;
  690.      ls->post_accept_timeout = cscf->client_header_timeout;
  691.  
  692. +#if (NGX_PROXY_PROTOCOL)

  693. +// CLEANUP:    ls->accept_proxy_protocol = cscf->accept_proxy_protocol;

  694. +    ls->accept_proxy_protocol = addr->opt.accept_proxy_protocol;

  695. +#endif

  696. +

  697.      clcf = cscf->ctx->loc_conf[ngx_http_core_module.ctx_index];
  698.  
  699.      ls->logp = clcf->error_log;
  700. @@ -1840,6 +1855,9 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_h

  701.  #if (NGX_HTTP_SPDY)
  702.          addrs[i].conf.spdy = addr[i].opt.spdy;
  703.  #endif
  704. +#if (NGX_PROXY_PROTOCOL)

  705. +        addrs[i].conf.accept_proxy_protocol = addr[i].opt.accept_proxy_protocol;

  706. +#endif

  707.  
  708.          if (addr[i].hash.buckets == NULL
  709.              && (addr[i].wc_head == NULL
  710. @@ -1904,6 +1922,9 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_

  711.  #if (NGX_HTTP_SPDY)
  712.          addrs6[i].conf.spdy = addr[i].opt.spdy;
  713.  #endif
  714. +#if (NGX_PROXY_PROTOCOL)

  715. +        addrs6[i].conf.accept_proxy_protocol = addr[i].opt.accept_proxy_protocol;

  716. +#endif

  717.  
  718.          if (addr[i].hash.buckets == NULL
  719.              && (addr[i].wc_head == NULL
  720. Index: nginx-1.4.7/src/http/ngx_http_core_module.c

  721. ===================================================================

  722. --- nginx-1.4.7.orig/src/http/ngx_http_core_module.c

  723. +++ nginx-1.4.7/src/http/ngx_http_core_module.c

  724. @@ -4090,6 +4090,15 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx

  725.              continue;
  726.          }
  727.  
  728. +#if (NGX_PROXY_PROTOCOL)

  729. +        if (ngx_strncmp(value[n].data, "accept_proxy_protocol=on", 24) == 0) {

  730. +            lsopt.accept_proxy_protocol = 1;

  731. +            lsopt.set = 1;

  732. +            lsopt.bind = 1;

  733. +            continue;

  734. +        }

  735. +#endif

  736. +

  737.          if (ngx_strncmp(value[n].data, "ipv6only=o", 10) == 0) {
  738.  #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
  739.              struct sockaddr  *sa;
  740. Index: nginx-1.4.7/src/http/ngx_http_core_module.h

  741. ===================================================================

  742. --- nginx-1.4.7.orig/src/http/ngx_http_core_module.h

  743. +++ nginx-1.4.7/src/http/ngx_http_core_module.h

  744. @@ -78,6 +78,11 @@ typedef struct {

  745.  #if (NGX_HTTP_SPDY)
  746.      unsigned                   spdy:1;
  747.  #endif
  748. +

  749. +#if (NGX_PROXY_PROTOCOL)

  750. +    unsigned                   accept_proxy_protocol:2;

  751. +#endif

  752. +

  753.  #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
  754.      unsigned                   ipv6only:1;
  755.  #endif
  756. @@ -234,6 +239,10 @@ struct ngx_http_addr_conf_s {

  757.  
  758.      ngx_http_virtual_names_t  *virtual_names;
  759.  
  760. +#if (NGX_PROXY_PROTOCOL)

  761. +    ngx_flag_t                  accept_proxy_protocol;

  762. +#endif

  763. +

  764.  #if (NGX_HTTP_SSL)
  765.      unsigned                   ssl:1;
  766.  #endif
  767. Index: nginx-1.4.7/src/http/ngx_http_request.c

  768. ===================================================================

  769. --- nginx-1.4.7.orig/src/http/ngx_http_request.c

  770. +++ nginx-1.4.7/src/http/ngx_http_request.c

  771. @@ -63,6 +63,9 @@ static void ngx_http_ssl_handshake(ngx_e

  772.  static void ngx_http_ssl_handshake_handler(ngx_connection_t *c);
  773.  #endif
  774.  
  775. +#if (NGX_PROXY_PROTOCOL)

  776. +static void ngx_http_proxy_protocol(ngx_event_t *rev);

  777. +#endif

  778.  
  779.  static char *ngx_http_client_errors[] = {
  780.  
  781. @@ -343,6 +346,14 @@ ngx_http_init_connection(ngx_connection_

  782.      }
  783.  #endif
  784.  
  785. +#if (NGX_PROXY_PROTOCOL)

  786. +    {

  787. +        if (hc->addr_conf->accept_proxy_protocol) {

  788. +            rev->handler = ngx_http_proxy_protocol;

  789. +        }

  790. +    }

  791. +#endif

  792. +

  793.      if (rev->ready) {
  794.          /* the deferred accept(), rtsig, aio, iocp */
  795.  
  796. @@ -364,7 +375,6 @@ ngx_http_init_connection(ngx_connection_

  797.      }
  798.  }
  799.  
  800. -

  801.  static void
  802.  ngx_http_wait_request_handler(ngx_event_t *rev)
  803.  {
  804. @@ -469,6 +479,12 @@ ngx_http_wait_request_handler(ngx_event_

  805.      }
  806.  
  807.      rev->handler = ngx_http_process_request_line;
  808. +

  809. +#if (NGX_PROXY_PROTOCOL)

  810. +    if (hc->addr_conf->accept_proxy_protocol)

  811. +        rev->handler = ngx_http_proxy_protocol;

  812. +#endif

  813. +

  814.      ngx_http_process_request_line(rev);
  815.  }
  816.  
  817. @@ -582,6 +598,67 @@ ngx_http_create_request(ngx_connection_t

  818.      return r;
  819.  }
  820.  
  821. +#if (NGX_PROXY_PROTOCOL)

  822. +

  823. +static void

  824. +ngx_http_proxy_protocol(ngx_event_t *rev)

  825. +{

  826. +    ssize_t                n;

  827. +    size_t                 size = 1024;

  828. +    u_char                 tmpbuf[size];

  829. +    ngx_connection_t      *c;

  830. +    ngx_http_connection_t *hc;

  831. +

  832. +    c = rev->data;

  833. +    hc = c->data;

  834. +    rev->handler = ngx_http_wait_request_handler;

  835. +

  836. +#if (NGX_HTTP_SPDY)

  837. +    {

  838. +        if (hc->addr_conf->spdy) {

  839. +            rev->handler = ngx_http_spdy_init;

  840. +        }

  841. +    }

  842. +#endif

  843. +

  844. +#if (NGX_HTTP_SSL)

  845. +    {

  846. +        if (hc->addr_conf->ssl) {

  847. +            rev->handler = ngx_http_ssl_handshake;

  848. +        }

  849. +    }

  850. +#endif

  851. +

  852. +    n = recv(c->fd, tmpbuf, size, MSG_PEEK);

  853. +

  854. +    if ((n <= 0) && (c->listening)

  855. +            && (hc->addr_conf->accept_proxy_protocol)

  856. +	    && (!c->proxy_protocol)) {

  857. +        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required but not found");

  858. +        return;

  859. +    }

  860. +    if ((n > 0) && (c->listening)

  861. +            && (hc->addr_conf->accept_proxy_protocol)

  862. +	    && (!c->proxy_protocol)) {

  863. +        ssize_t m;

  864. +        if (!(m = ngx_recv_proxy_protocol(c, tmpbuf, n))) {

  865. +            ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required but not found");

  866. +            ngx_http_close_connection(c);

  867. +            return;

  868. +        }

  869. +        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required and found");

  870. +

  871. +        c->proxy_protocol = 1;

  872. +

  873. +        /* strip the proxy protocol string from the buffer */

  874. +        recv(c->fd, tmpbuf, m, 0);

  875. +    }

  876. +

  877. +    rev->handler(rev);

  878. +}

  879. +

  880. +#endif

  881. +

  882.  
  883.  #if (NGX_HTTP_SSL)
  884.  
  885. Index: nginx-1.4.7/src/http/ngx_http_upstream.c

  886. ===================================================================

  887. --- nginx-1.4.7.orig/src/http/ngx_http_upstream.c

  888. +++ nginx-1.4.7/src/http/ngx_http_upstream.c

  889. @@ -31,6 +31,10 @@ static ngx_int_t ngx_http_upstream_reini

  890.      ngx_http_upstream_t *u);
  891.  static void ngx_http_upstream_send_request(ngx_http_request_t *r,
  892.      ngx_http_upstream_t *u);
  893. +#if (NGX_PROXY_PROTOCOL)

  894. +static void ngx_http_upstream_send_proxy_protocol(ngx_http_request_t *r,

  895. +    ngx_http_upstream_t *u);

  896. +#endif

  897.  static void ngx_http_upstream_send_request_handler(ngx_http_request_t *r,
  898.      ngx_http_upstream_t *u);
  899.  static void ngx_http_upstream_process_header(ngx_http_request_t *r,
  900. @@ -1255,6 +1259,13 @@ ngx_http_upstream_connect(ngx_http_reque

  901.  
  902.      u->request_sent = 0;
  903.  
  904. +#if (NGX_PROXY_PROTOCOL)

  905. +    if (u->conf->send_proxy_protocol && !(u->ssl && c->ssl == NULL)) {

  906. +        ngx_http_upstream_send_proxy_protocol(r, u);

  907. +	return;

  908. +    }

  909. +#endif

  910. +

  911.      if (rc == NGX_AGAIN) {
  912.          ngx_add_timer(c->write, u->conf->connect_timeout);
  913.          return;
  914. @@ -1498,6 +1509,228 @@ ngx_http_upstream_send_request(ngx_http_

  915.  }
  916.  
  917.  
  918. +#if (NGX_PROXY_PROTOCOL)

  919. +

  920. +static void

  921. +ngx_http_upstream_send_proxy_protocol(ngx_http_request_t *r, ngx_http_upstream_t *u)

  922. +{

  923. +    size_t                   len;

  924. +    ngx_int_t                rc;

  925. +    ngx_connection_t        *uc;

  926. +    ngx_connection_t        *cc;

  927. +    ngx_chain_t             *pp_string;

  928. +    ngx_proxy_protocol_t     pp;

  929. +    ngx_buf_t               *b;

  930. +    char                     port[6];

  931. +    u_char                  *addr;

  932. +    struct sockaddr_storage  sa_src;

  933. +    struct sockaddr_storage  sa_dst;

  934. +    socklen_t                addrlen = NGX_SOCKADDRLEN;

  935. +    struct sockaddr_in      *sin_src;

  936. +    struct sockaddr_in      *sin_dst;

  937. +

  938. +#if (NGX_HAVE_INET6)

  939. +

  940. +    struct sockaddr_in6     *sin6_src;

  941. +    struct sockaddr_in6     *sin6_dst;

  942. +

  943. +#endif

  944. +

  945. +

  946. +    uc = u->peer.connection;

  947. +    cc = r->connection;

  948. +

  949. +    if ( !(u->conf->send_proxy_protocol) ) {

  950. +        return;

  951. +    }

  952. +

  953. +    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0,

  954. +                   "http upstream send proxy protocol");

  955. +

  956. +    if (!u->request_sent && ngx_http_upstream_test_connect(uc) != NGX_OK) {

  957. +        ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);

  958. +        return;

  959. +    }

  960. +

  961. +    uc->log->action = "sending proxy protocol to upstream";

  962. +

  963. +    len = 0;

  964. +

  965. +    if (r->connection->proxy_protocol) {

  966. +        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0,

  967. +                   "PP: got proxy-protocol from client connection");

  968. +

  969. +        switch (cc->sockaddr->sa_family) {

  970. +

  971. +#if (NGX_HAVE_INET6)

  972. +

  973. +            case AF_INET6:

  974. +

  975. +                pp.pp_proto = NGX_PP_PROTO_TCP6;

  976. +                sin6_dst = (struct sockaddr_in6 *) cc->local_sockaddr;

  977. +                sin6_src = (struct sockaddr_in6 *) cc->sockaddr;

  978. +

  979. +                break;

  980. +

  981. +#endif

  982. +

  983. +            default:

  984. +                pp.pp_proto = NGX_PP_PROTO_TCP4;

  985. +                sin_dst = (struct sockaddr_in *) cc->local_sockaddr;

  986. +                sin_src = (struct sockaddr_in *) cc->sockaddr;

  987. +

  988. +        }

  989. +

  990. +    } else {

  991. +

  992. +        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0,

  993. +                   "PP: collecting information from socket fd");

  994. +

  995. +        getsockname(cc->fd, (struct sockaddr *) &sa_dst, &addrlen);

  996. +

  997. +        switch (sa_dst.ss_family) {

  998. +

  999. +#if (NGX_HAVE_INET6)

  1000. +

  1001. +            case AF_INET6:

  1002. +

  1003. +                pp.pp_proto = NGX_PP_PROTO_TCP6;

  1004. +                sin6_dst = (struct sockaddr_in6 *) &sa_dst;

  1005. +

  1006. +                getpeername(cc->fd, (struct sockaddr *) &sa_src, &addrlen);

  1007. +                sin6_src = (struct sockaddr_in6 *) &sa_src;

  1008. +

  1009. +                break;

  1010. +

  1011. +#endif

  1012. +

  1013. +            default:

  1014. +

  1015. +                pp.pp_proto = NGX_PP_PROTO_TCP4;

  1016. +                sin_dst = (struct sockaddr_in *) &sa_dst;

  1017. +                getpeername(cc->fd, (struct sockaddr *) &sa_src, &addrlen);

  1018. +                sin_src = (struct sockaddr_in *) &sa_src;

  1019. +        }

  1020. +

  1021. +

  1022. +    }

  1023. +

  1024. +    switch (pp.pp_proto) {

  1025. +

  1026. +#if (NGX_HAVE_INET6)

  1027. +

  1028. +        case NGX_PP_PROTO_TCP6:

  1029. +

  1030. +            /* dst3 and dst4 */

  1031. +            addr = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN);

  1032. +            ngx_inet_ntop(AF_INET6, &sin6_dst->sin6_addr, addr, NGX_INET6_ADDRSTRLEN);

  1033. +            pp.pp_dst3_text.data = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN);

  1034. +            pp.pp_dst3_text.len = ngx_strlen(addr);

  1035. +            ngx_memcpy(pp.pp_dst3_text.data, addr, pp.pp_dst3_text.len);

  1036. +            pp.pp_dst4 = htons(sin6_dst->sin6_port);

  1037. +

  1038. +            ngx_memzero(addr, NGX_INET6_ADDRSTRLEN);

  1039. +

  1040. +            /* src3 and src4 */

  1041. +            ngx_inet_ntop(AF_INET6, &sin6_src->sin6_addr, addr, NGX_INET6_ADDRSTRLEN);

  1042. +            pp.pp_src3_text.data = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN);

  1043. +            pp.pp_src3_text.len = ngx_strlen(addr);

  1044. +            ngx_memcpy(pp.pp_src3_text.data, addr, pp.pp_src3_text.len);

  1045. +            pp.pp_src4 = htons(sin6_src->sin6_port);

  1046. +

  1047. +        break;

  1048. +

  1049. +#endif

  1050. +

  1051. +        default:

  1052. +

  1053. +            /* dst3 and dst4 */

  1054. +            addr = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN);

  1055. +            ngx_inet_ntop(AF_INET, &sin_dst->sin_addr, addr, NGX_INET_ADDRSTRLEN);

  1056. +            pp.pp_dst3_text.data = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN);

  1057. +            pp.pp_dst3_text.len = ngx_strlen(addr);

  1058. +            ngx_memcpy(pp.pp_dst3_text.data, addr, pp.pp_dst3_text.len);

  1059. +            pp.pp_dst4 = htons(sin_dst->sin_port);

  1060. +

  1061. +            ngx_memzero(addr, NGX_INET_ADDRSTRLEN);

  1062. +

  1063. +            /* src3 and src4 */

  1064. +            ngx_inet_ntop(AF_INET, &sin_src->sin_addr, addr, NGX_INET_ADDRSTRLEN);

  1065. +            pp.pp_src3_text.data = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN);

  1066. +            pp.pp_src3_text.len = ngx_strlen(addr);

  1067. +            ngx_memcpy(pp.pp_src3_text.data, addr, pp.pp_src3_text.len);

  1068. +            pp.pp_src4 = htons(sin_src->sin_port);

  1069. +

  1070. +    }

  1071. +

  1072. +    len += ngx_proxy_protocol_string_length(&pp);

  1073. +

  1074. +    ngx_print_proxy_protocol(&pp, uc->log);

  1075. +

  1076. +    b = ngx_create_temp_buf(uc->pool, len);

  1077. +    if (b == NULL) {

  1078. +        return;

  1079. +    }

  1080. +

  1081. +    pp_string = ngx_alloc_chain_link(uc->pool);

  1082. +    if (pp_string == NULL) {

  1083. +        return;

  1084. +    }

  1085. +

  1086. +    pp_string->buf = b;

  1087. +    pp_string->next = NULL;

  1088. +

  1089. +    b->last = ngx_cpymem(b->last, "PROXY ", sizeof("PROXY ") - 1);

  1090. +

  1091. +    switch (pp.pp_proto) {

  1092. +        case NGX_PP_PROTO_TCP4:

  1093. +            b->last = ngx_cpymem(b->last, "TCP4 ", sizeof("TCP4 ") - 1);

  1094. +        break;

  1095. +        case NGX_PP_PROTO_TCP6:

  1096. +            b->last = ngx_cpymem(b->last, "TCP6 ", sizeof("TCP6 ") - 1);

  1097. +        break;

  1098. +    }

  1099. +

  1100. +    /* src3 */

  1101. +    b->last = ngx_cpymem(b->last, pp.pp_src3_text.data, pp.pp_src3_text.len);

  1102. +    b->last = ngx_cpymem(b->last, " ", 1);

  1103. +

  1104. +    /* dst3 */

  1105. +    b->last = ngx_cpymem(b->last, pp.pp_dst3_text.data, pp.pp_dst3_text.len);

  1106. +    b->last = ngx_cpymem(b->last, " ", 1);

  1107. +

  1108. +    /* src4 */

  1109. +    ngx_memzero(port, 6);

  1110. +    sprintf(port,"%d", pp.pp_src4);

  1111. +    b->last = ngx_cpymem(b->last, port, strlen(port));

  1112. +    b->last = ngx_cpymem(b->last, " ", 1);

  1113. +

  1114. +    /* dst4 */

  1115. +    ngx_memzero(port, 6);

  1116. +    sprintf(port,"%d", pp.pp_dst4);

  1117. +    b->last = ngx_cpymem(b->last, port, strlen(port));

  1118. +

  1119. +    /* CRLF */

  1120. +    b->last = ngx_cpymem(b->last, CRLF, sizeof(CRLF) - 1);

  1121. +

  1122. +    ngx_log_debug3(NGX_LOG_DEBUG_HTTP, uc->log, 0,

  1123. +            "http upstream send proxy protocol: %d -%*s-",

  1124. +            ngx_proxy_protocol_string_length(&pp),

  1125. +            ngx_proxy_protocol_string_length(&pp) - 2,

  1126. +            b->start);

  1127. +

  1128. +    rc = ngx_output_chain(&u->output, pp_string);

  1129. +

  1130. +    if (rc == NGX_ERROR) {

  1131. +        ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);

  1132. +        return;

  1133. +    }

  1134. +

  1135. +}

  1136. +

  1137. +#endif

  1138. +

  1139. +

  1140.  static void
  1141.  ngx_http_upstream_send_request_handler(ngx_http_request_t *r,
  1142.      ngx_http_upstream_t *u)
  1143. Index: nginx-1.4.7/src/http/ngx_http_upstream.h

  1144. ===================================================================

  1145. --- nginx-1.4.7.orig/src/http/ngx_http_upstream.h

  1146. +++ nginx-1.4.7/src/http/ngx_http_upstream.h

  1147. @@ -188,6 +188,10 @@ typedef struct {

  1148.      unsigned                         intercept_404:1;
  1149.      unsigned                         change_buffering:1;
  1150.  
  1151. +#if (NGX_PROXY_PROTOCOL)

  1152. +    ngx_flag_t                       send_proxy_protocol;

  1153. +#endif

  1154. +

  1155.  #if (NGX_HTTP_SSL)
  1156.      ngx_ssl_t                       *ssl;
  1157.      ngx_flag_t                       ssl_session_reuse;
  1158. Index: nginx-1.4.7/auto/cc/gcc

  1159. ===================================================================

  1160. --- nginx-1.4.7.orig/auto/cc/gcc

  1161. +++ nginx-1.4.7/auto/cc/gcc

  1162. @@ -168,7 +168,7 @@ esac

  1163.  
  1164.  
  1165.  # stop on warning
  1166. -CFLAGS="$CFLAGS -Werror"

  1167. +CFLAGS="$CFLAGS"

  1168.  
  1169.  # debug
  1170.  CFLAGS="$CFLAGS -g"
  1171. Index: nginx-1.4.7/auto/cc/icc

  1172. ===================================================================

  1173. --- nginx-1.4.7.orig/auto/cc/icc

  1174. +++ nginx-1.4.7/auto/cc/icc

  1175. @@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in

  1176.  esac
  1177.  
  1178.  # stop on warning
  1179. -CFLAGS="$CFLAGS -Werror"

  1180. +CFLAGS="$CFLAGS "

  1181.  
  1182.  # debug
  1183.  CFLAGS="$CFLAGS -g"