static ngx_int_t
ngx_http_ip2location_cidr_value(ngx_conf_t *cf, ngx_str_t *net, ngx_cidr_t *cidr)
{
ngx_int_t rc;
if (ngx_strcmp(net->data, "255.255.255.255") == 0) {
cidr->family = AF_INET;
cidr->u.in.addr = 0xffffffff;
cidr->u.in.mask = 0xffffffff;
return NGX_OK;
}
rc = ngx_ptocidr(net, cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid network \"%V\"", net);
return NGX_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", net);
}
return NGX_OK;
}
static char *
ngx_tcp_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_tcp_core_srv_conf_t *cscf = conf;
ngx_int_t rc;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_tcp_access_rule_t *rule;
if (cscf->rules == NULL) {
cscf->rules = ngx_array_create(cf->pool, 4,
sizeof(ngx_tcp_access_rule_t));
if (cscf->rules == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(cscf->rules);
if (rule == NULL) {
return NGX_CONF_ERROR;
}
value = cf->args->elts;
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) {
rule->mask = 0;
rule->addr = 0;
return NGX_CONF_OK;
}
rc = ngx_ptocidr(&value[1], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]);
return NGX_CONF_ERROR;
}
if (cidr.family != AF_INET) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"allow\" supports IPv4 only");
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
rule->mask = cidr.u.in.mask;
rule->addr = cidr.u.in.addr;
return NGX_CONF_OK;
}
static char *
ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_realip_loc_conf_t *rlcf = conf;
ngx_int_t rc;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_http_realip_from_t *from;
value = cf->args->elts;
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
rlcf->unixsock = 1;
return NGX_CONF_OK;
}
#endif
if (rlcf->from == NULL) {
rlcf->from = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_realip_from_t));
if (rlcf->from == NULL) {
return NGX_CONF_ERROR;
}
}
from = ngx_array_push(rlcf->from);
if (from == NULL) {
return NGX_CONF_ERROR;
}
rc = ngx_ptocidr(&value[1], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]);
return NGX_CONF_ERROR;
}
if (cidr.family != AF_INET) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"set_real_ip_from\" supports IPv4 only");
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
from->mask = cidr.u.in.mask;
from->addr = cidr.u.in.addr;
return NGX_CONF_OK;
}
static char *
ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
#if (NGX_DEBUG)
ngx_event_conf_t *ecf = conf;
ngx_int_t rc;
ngx_str_t *value;
ngx_event_debug_t *dc;
struct hostent *h;
ngx_inet_cidr_t in_cidr;
value = cf->args->elts;
/* AF_INET only */
dc = ngx_array_push(&ecf->debug_connection);
if (dc == NULL) {
return NGX_CONF_ERROR;
}
rc = ngx_ptocidr(&value[1], &in_cidr);
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
rc = NGX_OK;
}
if (rc == NGX_OK) {
dc->mask = in_cidr.mask;
dc->addr = in_cidr.addr;
return NGX_CONF_OK;
}
h = gethostbyname((char *) value[1].data);
if (h == NULL || h->h_addr_list[0] == NULL) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"host \"%s\" not found", value[1].data);
return NGX_CONF_ERROR;
}
dc->mask = 0xffffffff;
dc->addr = *(in_addr_t *)(h->h_addr_list[0]);
#else
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"\"debug_connection\" is ignored, you need to rebuild "
"nginx using --with-debug option to enable it");
#endif
return NGX_CONF_OK;
}
static char *
ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_realip_loc_conf_t *rlcf = conf;
ngx_int_t rc;
ngx_str_t *value;
ngx_cidr_t *cidr;
value = cf->args->elts;
if (rlcf->from == NULL) {
rlcf->from = ngx_array_create(cf->pool, 2,
sizeof(ngx_cidr_t));
if (rlcf->from == NULL) {
return NGX_CONF_ERROR;
}
}
cidr = ngx_array_push(rlcf->from);
if (cidr == NULL) {
return NGX_CONF_ERROR;
}
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
cidr->family = AF_UNIX;
return NGX_CONF_OK;
}
#endif
rc = ngx_ptocidr(&value[1], cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]);
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
return NGX_CONF_OK;
}
static char *
ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_realip_loc_conf_t *rlcf = conf;
ngx_int_t rc;
ngx_str_t *value;
ngx_inet_cidr_t in_cidr;
ngx_http_realip_from_t *from;
if (rlcf->from == NULL) {
rlcf->from = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_realip_from_t));
if (rlcf->from == NULL) {
return NGX_CONF_ERROR;
}
}
from = ngx_array_push(rlcf->from);
if (from == NULL) {
return NGX_CONF_ERROR;
}
value = cf->args->elts;
rc = ngx_ptocidr(&value[1], &in_cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]);
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
from->mask = in_cidr.mask;
from->addr = in_cidr.addr;
return NGX_CONF_OK;
}
static char *
ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_access_loc_conf_t *alcf = conf;
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_http_access_rule_t *rule;
#if (NGX_HAVE_INET6)
ngx_http_access_rule6_t *rule6;
#endif
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
value = cf->args->elts;
all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
if (!all) {
rc = ngx_ptocidr(&value[1], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[1]);
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
}
switch (cidr.family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
case 0: /* all */
if (alcf->rules6 == NULL) {
alcf->rules6 = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule6_t));
if (alcf->rules6 == NULL) {
return NGX_CONF_ERROR;
}
}
rule6 = ngx_array_push(alcf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
if (!all) {
break;
}
/* "all" passes through */
#endif
default: /* AF_INET */
if (alcf->rules == NULL) {
alcf->rules = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule_t));
if (alcf->rules == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(alcf->rules);
if (rule == NULL) {
return NGX_CONF_ERROR;
}
rule->mask = cidr.u.in.mask;
rule->addr = cidr.u.in.addr;
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
return NGX_CONF_OK;
}
char *
ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf)
{
ngx_cidr_t cidr;
ngx_in_cidr_t *access;
# if (NGX_HAVE_INET6)
ngx_in6_cidr_t *access6;
# endif /* NGX_HAVE_INET6 */
ngx_str_t *value;
ngx_int_t rc;
ngx_uint_t i;
value = cf->args->elts;
if (ngx_strcmp(value[1].data, "off") == 0) {
cpcf->enable = 0;
return NGX_CONF_OK;
} else if (ngx_strcmp(value[1].data, "on") == 0) {
ngx_str_set(&cpcf->method, "PURGE");
} else {
cpcf->method = value[1];
}
if (cf->args->nelts < 4) {
cpcf->enable = 1;
return NGX_CONF_OK;
}
/* sanity check */
if (ngx_strcmp(value[2].data, "from") != 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\", expected"
" \"from\" keyword", &value[2]);
return NGX_CONF_ERROR;
}
if (ngx_strcmp(value[3].data, "all") == 0) {
cpcf->enable = 1;
return NGX_CONF_OK;
}
for (i = 3; i < cf->args->nelts; i++) {
rc = ngx_ptocidr(&value[i], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[i]);
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless",
&value[i]);
}
switch (cidr.family) {
case AF_INET:
if (cpcf->access == NULL) {
cpcf->access = ngx_array_create(cf->pool, cf->args->nelts - 3,
sizeof(ngx_in_cidr_t));
if (cpcf->access == NULL) {
return NGX_CONF_ERROR;
}
}
access = ngx_array_push(cpcf->access);
if (access == NULL) {
return NGX_CONF_ERROR;
}
access->mask = cidr.u.in.mask;
access->addr = cidr.u.in.addr;
break;
# if (NGX_HAVE_INET6)
case AF_INET6:
if (cpcf->access6 == NULL) {
cpcf->access6 = ngx_array_create(cf->pool, cf->args->nelts - 3,
sizeof(ngx_in6_cidr_t));
if (cpcf->access6 == NULL) {
return NGX_CONF_ERROR;
}
}
access6 = ngx_array_push(cpcf->access6);
if (access6 == NULL) {
return NGX_CONF_ERROR;
}
access6->mask = cidr.u.in6.mask;
access6->addr = cidr.u.in6.addr;
break;
# endif /* NGX_HAVE_INET6 */
}
}
cpcf->enable = 1;
return NGX_CONF_OK;
}
static char *
ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
#if (NGX_DEBUG)
ngx_event_conf_t *ecf = conf;
ngx_int_t rc;
ngx_str_t *value;
ngx_url_t u;
ngx_cidr_t c, *cidr;
ngx_uint_t i;
struct sockaddr_in *sin;
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
#endif
value = cf->args->elts;
#if (NGX_HAVE_UNIX_DOMAIN)
if (ngx_strcmp(value[1].data, "unix:") == 0) {
cidr = ngx_array_push(&ecf->debug_connection);
if (cidr == NULL) {
return NGX_CONF_ERROR;
}
cidr->family = AF_UNIX;
return NGX_CONF_OK;
}
#endif
rc = ngx_ptocidr(&value[1], &c);
if (rc != NGX_ERROR) {
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless",
&value[1]);
}
cidr = ngx_array_push(&ecf->debug_connection);
if (cidr == NULL) {
return NGX_CONF_ERROR;
}
*cidr = c;
return NGX_CONF_OK;
}
ngx_memzero(&u, sizeof(ngx_url_t));
u.host = value[1];
if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
if (u.err) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"%s in debug_connection \"%V\"",
u.err, &u.host);
}
return NGX_CONF_ERROR;
}
cidr = ngx_array_push_n(&ecf->debug_connection, u.naddrs);
if (cidr == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t));
for (i = 0; i < u.naddrs; i++) {
cidr[i].family = u.addrs[i].sockaddr->sa_family;
switch (cidr[i].family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr;
cidr[i].u.in6.addr = sin6->sin6_addr;
ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16);
break;
#endif
default: /* AF_INET */
sin = (struct sockaddr_in *) u.addrs[i].sockaddr;
cidr[i].u.in.addr = sin->sin_addr.s_addr;
cidr[i].u.in.mask = 0xffffffff;
break;
}
}
#else
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"\"debug_connection\" is ignored, you need to rebuild "
"nginx using --with-debug option to enable it");
#endif
return NGX_CONF_OK;
}
static char *
ngx_rtmp_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_rtmp_access_app_conf_t *ascf = conf;
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_rtmp_access_rule_t *rule;
#if (NGX_HAVE_INET6)
ngx_rtmp_access_rule6_t *rule6;
#endif
size_t n;
ngx_uint_t flags;
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
value = cf->args->elts;
n = 1;
flags = 0;
if (cf->args->nelts == 2) {
flags = NGX_RTMP_ACCESS_PUBLISH | NGX_RTMP_ACCESS_PLAY;
} else {
for(; n < cf->args->nelts - 1; ++n) {
if (value[n].len == sizeof("publish") - 1 &&
ngx_strcmp(value[1].data, "publish") == 0)
{
flags |= NGX_RTMP_ACCESS_PUBLISH;
continue;
}
if (value[n].len == sizeof("play") - 1 &&
ngx_strcmp(value[1].data, "play") == 0)
{
flags |= NGX_RTMP_ACCESS_PLAY;
continue;
}
ngx_log_error(NGX_LOG_ERR, cf->log, 0,
"unexpected access specified: '%V'", &value[n]);
return NGX_CONF_ERROR;
}
}
all = (value[n].len == 3 && ngx_strcmp(value[n].data, "all") == 0);
if (!all) {
rc = ngx_ptocidr(&value[n], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[1]);
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless",
&value[1]);
}
}
switch (cidr.family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
case 0: /* all */
rule6 = ngx_array_push(&ascf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
rule6->flags = flags;
if (!all) {
break;
}
/* "all" passes through */
#endif
default: /* AF_INET */
rule = ngx_array_push(&ascf->rules);
if (rule == NULL) {
return NGX_CONF_ERROR;
}
rule->mask = cidr.u.in.mask;
rule->addr = cidr.u.in.addr;
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
rule->flags = flags;
}
return NGX_CONF_OK;
}
static char *
ngx_stream_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_stream_access_srv_conf_t *ascf = conf;
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_stream_access_rule_t *rule;
#if (NGX_HAVE_INET6)
ngx_stream_access_rule6_t *rule6;
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
ngx_stream_access_rule_un_t *rule_un;
#endif
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
value = cf->args->elts;
all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
if (!all) {
#if (NGX_HAVE_UNIX_DOMAIN)
if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
cidr.family = AF_UNIX;
rc = NGX_OK;
} else {
rc = ngx_ptocidr(&value[1], &cidr);
}
#else
rc = ngx_ptocidr(&value[1], &cidr);
#endif
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[1]);
return NGX_CONF_ERROR;
}
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
}
if (cidr.family == AF_INET || all) {
if (ascf->rules == NULL) {
ascf->rules = ngx_array_create(cf->pool, 4,
sizeof(ngx_stream_access_rule_t));
if (ascf->rules == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(ascf->rules);
if (rule == NULL) {
return NGX_CONF_ERROR;
}
rule->mask = cidr.u.in.mask;
rule->addr = cidr.u.in.addr;
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
#if (NGX_HAVE_INET6)
if (cidr.family == AF_INET6 || all) {
if (ascf->rules6 == NULL) {
ascf->rules6 = ngx_array_create(cf->pool, 4,
sizeof(ngx_stream_access_rule6_t));
if (ascf->rules6 == NULL) {
return NGX_CONF_ERROR;
}
}
rule6 = ngx_array_push(ascf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
if (cidr.family == AF_UNIX || all) {
if (ascf->rules_un == NULL) {
ascf->rules_un = ngx_array_create(cf->pool, 1,
sizeof(ngx_stream_access_rule_un_t));
if (ascf->rules_un == NULL) {
return NGX_CONF_ERROR;
}
}
rule_un = ngx_array_push(ascf->rules_un);
if (rule_un == NULL) {
return NGX_CONF_ERROR;
}
rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
#endif
return NGX_CONF_OK;
}
