static ngx_int_t ngx_http_ip2location_cidr_value(ngx_conf_t *cf, ngx_str_t *net, ngx_cidr_t *cidr) { ngx_int_t rc; if (ngx_strcmp(net->data, "255.255.255.255") == 0) { cidr->family = AF_INET; cidr->u.in.addr = 0xffffffff; cidr->u.in.mask = 0xffffffff; return NGX_OK; } rc = ngx_ptocidr(net, cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid network \"%V\"", net); return NGX_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", net); } return NGX_OK; }
static char * ngx_tcp_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_tcp_core_srv_conf_t *cscf = conf; ngx_int_t rc; ngx_str_t *value; ngx_cidr_t cidr; ngx_tcp_access_rule_t *rule; if (cscf->rules == NULL) { cscf->rules = ngx_array_create(cf->pool, 4, sizeof(ngx_tcp_access_rule_t)); if (cscf->rules == NULL) { return NGX_CONF_ERROR; } } rule = ngx_array_push(cscf->rules); if (rule == NULL) { return NGX_CONF_ERROR; } value = cf->args->elts; rule->deny = (value[0].data[0] == 'd') ? 1 : 0; if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) { rule->mask = 0; rule->addr = 0; return NGX_CONF_OK; } rc = ngx_ptocidr(&value[1], &cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (cidr.family != AF_INET) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "\"allow\" supports IPv4 only"); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } rule->mask = cidr.u.in.mask; rule->addr = cidr.u.in.addr; return NGX_CONF_OK; }
static char * ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_realip_loc_conf_t *rlcf = conf; ngx_int_t rc; ngx_str_t *value; ngx_cidr_t cidr; ngx_http_realip_from_t *from; value = cf->args->elts; #if (NGX_HAVE_UNIX_DOMAIN) if (ngx_strcmp(value[1].data, "unix:") == 0) { rlcf->unixsock = 1; return NGX_CONF_OK; } #endif if (rlcf->from == NULL) { rlcf->from = ngx_array_create(cf->pool, 2, sizeof(ngx_http_realip_from_t)); if (rlcf->from == NULL) { return NGX_CONF_ERROR; } } from = ngx_array_push(rlcf->from); if (from == NULL) { return NGX_CONF_ERROR; } rc = ngx_ptocidr(&value[1], &cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (cidr.family != AF_INET) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "\"set_real_ip_from\" supports IPv4 only"); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } from->mask = cidr.u.in.mask; from->addr = cidr.u.in.addr; return NGX_CONF_OK; }
static char * ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { #if (NGX_DEBUG) ngx_event_conf_t *ecf = conf; ngx_int_t rc; ngx_str_t *value; ngx_event_debug_t *dc; struct hostent *h; ngx_inet_cidr_t in_cidr; value = cf->args->elts; /* AF_INET only */ dc = ngx_array_push(&ecf->debug_connection); if (dc == NULL) { return NGX_CONF_ERROR; } rc = ngx_ptocidr(&value[1], &in_cidr); if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); rc = NGX_OK; } if (rc == NGX_OK) { dc->mask = in_cidr.mask; dc->addr = in_cidr.addr; return NGX_CONF_OK; } h = gethostbyname((char *) value[1].data); if (h == NULL || h->h_addr_list[0] == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "host \"%s\" not found", value[1].data); return NGX_CONF_ERROR; } dc->mask = 0xffffffff; dc->addr = *(in_addr_t *)(h->h_addr_list[0]); #else ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "\"debug_connection\" is ignored, you need to rebuild " "nginx using --with-debug option to enable it"); #endif return NGX_CONF_OK; }
static char * ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_realip_loc_conf_t *rlcf = conf; ngx_int_t rc; ngx_str_t *value; ngx_cidr_t *cidr; value = cf->args->elts; if (rlcf->from == NULL) { rlcf->from = ngx_array_create(cf->pool, 2, sizeof(ngx_cidr_t)); if (rlcf->from == NULL) { return NGX_CONF_ERROR; } } cidr = ngx_array_push(rlcf->from); if (cidr == NULL) { return NGX_CONF_ERROR; } #if (NGX_HAVE_UNIX_DOMAIN) if (ngx_strcmp(value[1].data, "unix:") == 0) { cidr->family = AF_UNIX; return NGX_CONF_OK; } #endif rc = ngx_ptocidr(&value[1], cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } return NGX_CONF_OK; }
static char * ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_realip_loc_conf_t *rlcf = conf; ngx_int_t rc; ngx_str_t *value; ngx_inet_cidr_t in_cidr; ngx_http_realip_from_t *from; if (rlcf->from == NULL) { rlcf->from = ngx_array_create(cf->pool, 2, sizeof(ngx_http_realip_from_t)); if (rlcf->from == NULL) { return NGX_CONF_ERROR; } } from = ngx_array_push(rlcf->from); if (from == NULL) { return NGX_CONF_ERROR; } value = cf->args->elts; rc = ngx_ptocidr(&value[1], &in_cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } from->mask = in_cidr.mask; from->addr = in_cidr.addr; return NGX_CONF_OK; }
static char * ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_access_loc_conf_t *alcf = conf; ngx_int_t rc; ngx_uint_t all; ngx_str_t *value; ngx_cidr_t cidr; ngx_http_access_rule_t *rule; #if (NGX_HAVE_INET6) ngx_http_access_rule6_t *rule6; #endif ngx_memzero(&cidr, sizeof(ngx_cidr_t)); value = cf->args->elts; all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0); if (!all) { rc = ngx_ptocidr(&value[1], &cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } } switch (cidr.family) { #if (NGX_HAVE_INET6) case AF_INET6: case 0: /* all */ if (alcf->rules6 == NULL) { alcf->rules6 = ngx_array_create(cf->pool, 4, sizeof(ngx_http_access_rule6_t)); if (alcf->rules6 == NULL) { return NGX_CONF_ERROR; } } rule6 = ngx_array_push(alcf->rules6); if (rule6 == NULL) { return NGX_CONF_ERROR; } rule6->mask = cidr.u.in6.mask; rule6->addr = cidr.u.in6.addr; rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; if (!all) { break; } /* "all" passes through */ #endif default: /* AF_INET */ if (alcf->rules == NULL) { alcf->rules = ngx_array_create(cf->pool, 4, sizeof(ngx_http_access_rule_t)); if (alcf->rules == NULL) { return NGX_CONF_ERROR; } } rule = ngx_array_push(alcf->rules); if (rule == NULL) { return NGX_CONF_ERROR; } rule->mask = cidr.u.in.mask; rule->addr = cidr.u.in.addr; rule->deny = (value[0].data[0] == 'd') ? 1 : 0; } return NGX_CONF_OK; }
char * ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { ngx_cidr_t cidr; ngx_in_cidr_t *access; # if (NGX_HAVE_INET6) ngx_in6_cidr_t *access6; # endif /* NGX_HAVE_INET6 */ ngx_str_t *value; ngx_int_t rc; ngx_uint_t i; value = cf->args->elts; if (ngx_strcmp(value[1].data, "off") == 0) { cpcf->enable = 0; return NGX_CONF_OK; } else if (ngx_strcmp(value[1].data, "on") == 0) { ngx_str_set(&cpcf->method, "PURGE"); } else { cpcf->method = value[1]; } if (cf->args->nelts < 4) { cpcf->enable = 1; return NGX_CONF_OK; } /* sanity check */ if (ngx_strcmp(value[2].data, "from") != 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\", expected" " \"from\" keyword", &value[2]); return NGX_CONF_ERROR; } if (ngx_strcmp(value[3].data, "all") == 0) { cpcf->enable = 1; return NGX_CONF_OK; } for (i = 3; i < cf->args->nelts; i++) { rc = ngx_ptocidr(&value[i], &cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[i]); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[i]); } switch (cidr.family) { case AF_INET: if (cpcf->access == NULL) { cpcf->access = ngx_array_create(cf->pool, cf->args->nelts - 3, sizeof(ngx_in_cidr_t)); if (cpcf->access == NULL) { return NGX_CONF_ERROR; } } access = ngx_array_push(cpcf->access); if (access == NULL) { return NGX_CONF_ERROR; } access->mask = cidr.u.in.mask; access->addr = cidr.u.in.addr; break; # if (NGX_HAVE_INET6) case AF_INET6: if (cpcf->access6 == NULL) { cpcf->access6 = ngx_array_create(cf->pool, cf->args->nelts - 3, sizeof(ngx_in6_cidr_t)); if (cpcf->access6 == NULL) { return NGX_CONF_ERROR; } } access6 = ngx_array_push(cpcf->access6); if (access6 == NULL) { return NGX_CONF_ERROR; } access6->mask = cidr.u.in6.mask; access6->addr = cidr.u.in6.addr; break; # endif /* NGX_HAVE_INET6 */ } } cpcf->enable = 1; return NGX_CONF_OK; }
static char * ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { #if (NGX_DEBUG) ngx_event_conf_t *ecf = conf; ngx_int_t rc; ngx_str_t *value; ngx_url_t u; ngx_cidr_t c, *cidr; ngx_uint_t i; struct sockaddr_in *sin; #if (NGX_HAVE_INET6) struct sockaddr_in6 *sin6; #endif value = cf->args->elts; #if (NGX_HAVE_UNIX_DOMAIN) if (ngx_strcmp(value[1].data, "unix:") == 0) { cidr = ngx_array_push(&ecf->debug_connection); if (cidr == NULL) { return NGX_CONF_ERROR; } cidr->family = AF_UNIX; return NGX_CONF_OK; } #endif rc = ngx_ptocidr(&value[1], &c); if (rc != NGX_ERROR) { if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } cidr = ngx_array_push(&ecf->debug_connection); if (cidr == NULL) { return NGX_CONF_ERROR; } *cidr = c; return NGX_CONF_OK; } ngx_memzero(&u, sizeof(ngx_url_t)); u.host = value[1]; if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { if (u.err) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%s in debug_connection \"%V\"", u.err, &u.host); } return NGX_CONF_ERROR; } cidr = ngx_array_push_n(&ecf->debug_connection, u.naddrs); if (cidr == NULL) { return NGX_CONF_ERROR; } ngx_memzero(cidr, u.naddrs * sizeof(ngx_cidr_t)); for (i = 0; i < u.naddrs; i++) { cidr[i].family = u.addrs[i].sockaddr->sa_family; switch (cidr[i].family) { #if (NGX_HAVE_INET6) case AF_INET6: sin6 = (struct sockaddr_in6 *) u.addrs[i].sockaddr; cidr[i].u.in6.addr = sin6->sin6_addr; ngx_memset(cidr[i].u.in6.mask.s6_addr, 0xff, 16); break; #endif default: /* AF_INET */ sin = (struct sockaddr_in *) u.addrs[i].sockaddr; cidr[i].u.in.addr = sin->sin_addr.s_addr; cidr[i].u.in.mask = 0xffffffff; break; } } #else ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "\"debug_connection\" is ignored, you need to rebuild " "nginx using --with-debug option to enable it"); #endif return NGX_CONF_OK; }
static char * ngx_rtmp_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_rtmp_access_app_conf_t *ascf = conf; ngx_int_t rc; ngx_uint_t all; ngx_str_t *value; ngx_cidr_t cidr; ngx_rtmp_access_rule_t *rule; #if (NGX_HAVE_INET6) ngx_rtmp_access_rule6_t *rule6; #endif size_t n; ngx_uint_t flags; ngx_memzero(&cidr, sizeof(ngx_cidr_t)); value = cf->args->elts; n = 1; flags = 0; if (cf->args->nelts == 2) { flags = NGX_RTMP_ACCESS_PUBLISH | NGX_RTMP_ACCESS_PLAY; } else { for(; n < cf->args->nelts - 1; ++n) { if (value[n].len == sizeof("publish") - 1 && ngx_strcmp(value[1].data, "publish") == 0) { flags |= NGX_RTMP_ACCESS_PUBLISH; continue; } if (value[n].len == sizeof("play") - 1 && ngx_strcmp(value[1].data, "play") == 0) { flags |= NGX_RTMP_ACCESS_PLAY; continue; } ngx_log_error(NGX_LOG_ERR, cf->log, 0, "unexpected access specified: '%V'", &value[n]); return NGX_CONF_ERROR; } } all = (value[n].len == 3 && ngx_strcmp(value[n].data, "all") == 0); if (!all) { rc = ngx_ptocidr(&value[n], &cidr); if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } } switch (cidr.family) { #if (NGX_HAVE_INET6) case AF_INET6: case 0: /* all */ rule6 = ngx_array_push(&ascf->rules6); if (rule6 == NULL) { return NGX_CONF_ERROR; } rule6->mask = cidr.u.in6.mask; rule6->addr = cidr.u.in6.addr; rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; rule6->flags = flags; if (!all) { break; } /* "all" passes through */ #endif default: /* AF_INET */ rule = ngx_array_push(&ascf->rules); if (rule == NULL) { return NGX_CONF_ERROR; } rule->mask = cidr.u.in.mask; rule->addr = cidr.u.in.addr; rule->deny = (value[0].data[0] == 'd') ? 1 : 0; rule->flags = flags; } return NGX_CONF_OK; }
static char * ngx_stream_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_stream_access_srv_conf_t *ascf = conf; ngx_int_t rc; ngx_uint_t all; ngx_str_t *value; ngx_cidr_t cidr; ngx_stream_access_rule_t *rule; #if (NGX_HAVE_INET6) ngx_stream_access_rule6_t *rule6; #endif #if (NGX_HAVE_UNIX_DOMAIN) ngx_stream_access_rule_un_t *rule_un; #endif ngx_memzero(&cidr, sizeof(ngx_cidr_t)); value = cf->args->elts; all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0); if (!all) { #if (NGX_HAVE_UNIX_DOMAIN) if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) { cidr.family = AF_UNIX; rc = NGX_OK; } else { rc = ngx_ptocidr(&value[1], &cidr); } #else rc = ngx_ptocidr(&value[1], &cidr); #endif if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } if (rc == NGX_DONE) { ngx_conf_log_error(NGX_LOG_WARN, cf, 0, "low address bits of %V are meaningless", &value[1]); } } if (cidr.family == AF_INET || all) { if (ascf->rules == NULL) { ascf->rules = ngx_array_create(cf->pool, 4, sizeof(ngx_stream_access_rule_t)); if (ascf->rules == NULL) { return NGX_CONF_ERROR; } } rule = ngx_array_push(ascf->rules); if (rule == NULL) { return NGX_CONF_ERROR; } rule->mask = cidr.u.in.mask; rule->addr = cidr.u.in.addr; rule->deny = (value[0].data[0] == 'd') ? 1 : 0; } #if (NGX_HAVE_INET6) if (cidr.family == AF_INET6 || all) { if (ascf->rules6 == NULL) { ascf->rules6 = ngx_array_create(cf->pool, 4, sizeof(ngx_stream_access_rule6_t)); if (ascf->rules6 == NULL) { return NGX_CONF_ERROR; } } rule6 = ngx_array_push(ascf->rules6); if (rule6 == NULL) { return NGX_CONF_ERROR; } rule6->mask = cidr.u.in6.mask; rule6->addr = cidr.u.in6.addr; rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; } #endif #if (NGX_HAVE_UNIX_DOMAIN) if (cidr.family == AF_UNIX || all) { if (ascf->rules_un == NULL) { ascf->rules_un = ngx_array_create(cf->pool, 1, sizeof(ngx_stream_access_rule_un_t)); if (ascf->rules_un == NULL) { return NGX_CONF_ERROR; } } rule_un = ngx_array_push(ascf->rules_un); if (rule_un == NULL) { return NGX_CONF_ERROR; } rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0; } #endif return NGX_CONF_OK; }