Re: [PATCH] Core: support for reading PROXY protocol v2 TLVs

Maxim Dounin
November 02, 2022 09:54PM
Hello!

On Wed, Nov 02, 2022 at 05:06:25PM +0400, Roman Arutyunyan wrote:

[...]

> # HG changeset patch
> # User Roman Arutyunyan <arut@nginx.com>
> # Date 1667382376 -14400
> # Wed Nov 02 13:46:16 2022 +0400
> # Node ID dc5f16e6a243c15f58e2c6a62f7a83f536729174
> # Parent 81b4326daac70d6de70abbc3fe36d4f6e3da54a2
> Increased maximum read PROXY protocol header size.
>
> Maximum size for reading the PROXY protocol header is increased to 4096 to
> accommodate a bigger number of TLVs, which are supported since cca4c8a715de.
>
> Maximum size for writing the PROXY protocol header is not changed since only
> version 1 is currently supported.
>
> diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c
> --- a/src/core/ngx_proxy_protocol.c
> +++ b/src/core/ngx_proxy_protocol.c
> @@ -281,7 +281,7 @@ ngx_proxy_protocol_write(ngx_connection_
> {
> ngx_uint_t port, lport;
>
> - if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) {
> + if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) {
> return NULL;
> }

A side note: here an error is detected and returned, but no
logging of the error happens either in ngx_proxy_protocol_write()
or in its callers. This needs to be fixed.

(Given that ngx_proxy_protocol_write() can also fail due to
ngx_connection_local_sockaddr() failure, the logging should be
added to ngx_proxy_protocol_write() itself. Alternatively, the
error detection can be completely removed, given that the error
can never happen.)

>
> diff --git a/src/core/ngx_proxy_protocol.h b/src/core/ngx_proxy_protocol.h
> --- a/src/core/ngx_proxy_protocol.h
> +++ b/src/core/ngx_proxy_protocol.h
> @@ -13,7 +13,8 @@
> #include <ngx_core.h>
>
>
> -#define NGX_PROXY_PROTOCOL_MAX_HEADER 107
> +#define NGX_PROXY_PROTOCOL_V1_MAX_HEADER 107
> +#define NGX_PROXY_PROTOCOL_MAX_HEADER 4096
>
>
> struct ngx_proxy_protocol_s {
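
Review bot: NGX_PROXY_PROTOCOL_MAX_HEADER keeps its name while its value goes from 107 to 4096 and its meaning narrows to the read side, so any code outside this patch that still sizes a write buffer with it will compile unchanged and silently get a 4096-byte buffer. Neither define carries a comment; please state next to them that 107 is the version 1 worst case used for writing and that 4096 is a chosen cap for reading rather than a protocol limit (the version 2 header declares its length in a 16-bit field), or give the read limit a distinct name so that stale uses fail to build.
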
> diff --git a/src/mail/ngx_mail_proxy_module.c b/src/mail/ngx_mail_proxy_module.c
> --- a/src/mail/ngx_mail_proxy_module.c
> +++ b/src/mail/ngx_mail_proxy_module.c
> @@ -890,7 +890,7 @@ ngx_mail_proxy_send_proxy_protocol(ngx_m
> u_char *p;
> ssize_t n, size;
> ngx_connection_t *c;
> - u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER];
> + u_char buf[NGX_PROXY_PROTOCOL_V1_MAX_HEADER];
>
> s->connection->log->action = "sending PROXY protocol header to upstream";
>
> @@ -898,7 +898,7 @@ ngx_mail_proxy_send_proxy_protocol(ngx_m
> "mail proxy send PROXY protocol header");
>
> p = ngx_proxy_protocol_write(s->connection, buf,
> - buf + NGX_PROXY_PROTOCOL_MAX_HEADER);
> + buf + NGX_PROXY_PROTOCOL_V1_MAX_HEADER);
> if (p == NULL) {
> ngx_mail_proxy_internal_server_error(s);
> return NGX_ERROR;
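
Review bot: the end pointer in the call, buf + NGX_PROXY_PROTOCOL_V1_MAX_HEADER, repeats the array size from the declaration changed in the previous hunk, so the two can drift apart if only one of them is edited later. Since buf is a local array, buf + sizeof(buf) would tie the bound to the declaration.
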
> diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
> --- a/src/stream/ngx_stream_proxy_module.c
> +++ b/src/stream/ngx_stream_proxy_module.c
> @@ -894,7 +894,7 @@ ngx_stream_proxy_init_upstream(ngx_strea
> return;
> }
>
> - p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_MAX_HEADER);
> + p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_V1_MAX_HEADER);
> if (p == NULL) {
> ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
> return;
> @@ -902,7 +902,8 @@ ngx_stream_proxy_init_upstream(ngx_strea
>
> cl->buf->pos = p;
>
> - p = ngx_proxy_protocol_write(c, p, p + NGX_PROXY_PROTOCOL_MAX_HEADER);
> + p = ngx_proxy_protocol_write(c, p,
> + p + NGX_PROXY_PROTOCOL_V1_MAX_HEADER);
> if (p == NULL) {
> ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
> return;
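
Review bot: the size given to ngx_pnalloc() in the previous hunk and the end pointer p + NGX_PROXY_PROTOCOL_V1_MAX_HEADER here are two independent uses of the macro that have to stay equal, and sizeof cannot help because p is a pool allocation. Holding the size in one local variable that is used for both the allocation and the bound would keep them in step and would also avoid the wrapped call.
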
> @@ -946,14 +947,15 @@ ngx_stream_proxy_send_proxy_protocol(ngx
> ngx_connection_t *c, *pc;
> ngx_stream_upstream_t *u;
> ngx_stream_proxy_srv_conf_t *pscf;
> - u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER];
> + u_char buf[NGX_PROXY_PROTOCOL_V1_MAX_HEADER];
>
> c = s->connection;
>
> ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
> "stream proxy send PROXY protocol header");
>
> - p = ngx_proxy_protocol_write(c, buf, buf + NGX_PROXY_PROTOCOL_MAX_HEADER);
> + p = ngx_proxy_protocol_write(c, buf,
> + buf + NGX_PROXY_PROTOCOL_V1_MAX_HEADER);
> if (p == NULL) {
> ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
> return NGX_ERROR;

Looks good.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org