static void
ngx_stream_proxy_connect_handler(ngx_event_t *ev)
{
ngx_connection_t *c;
ngx_stream_session_t *s;
c = ev->data;
s = c->data;
if (ev->timedout) {
ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out");
ngx_stream_proxy_next_upstream(s);
return;
}
ngx_del_timer(c->write);
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"stream proxy connect upstream");
if (ngx_stream_proxy_test_connect(c) != NGX_OK) {
ngx_stream_proxy_next_upstream(s);
return;
}
ngx_stream_proxy_init_upstream(s);
}
static void
ngx_stream_proxy_connect(ngx_stream_session_t *s)
{
ngx_int_t rc;
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
c = s->connection;
c->log->action = "connecting to upstream";
u = s->upstream;
rc = ngx_event_connect_peer(&u->peer);
ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc);
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (rc == NGX_ERROR) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
if (rc == NGX_BUSY) {
ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams");
ngx_stream_proxy_finalize(s, NGX_DECLINED);
return;
}
if (rc == NGX_DECLINED) {
ngx_stream_proxy_next_upstream(s);
return;
}
/* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */
pc = u->peer.connection;
pc->data = s;
pc->log = c->log;
pc->pool = c->pool;
pc->read->log = c->log;
pc->write->log = c->log;
if (rc != NGX_AGAIN)
{
ngx_stream_proxy_init_upstream(s);
return;
}
pc->read->handler = ngx_stream_proxy_connect_handler;
pc->write->handler = ngx_stream_proxy_connect_handler;
ngx_add_timer(pc->write, pscf->connect_timeout);
}
static void
ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc)
{
long rc;
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
s = pc->data;
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (pc->ssl->handshaked) {
if (pscf->ssl_verify) {
rc = SSL_get_verify_result(pc->ssl->connection);
if (rc != X509_V_OK) {
ngx_log_error(NGX_LOG_ERR, pc->log, 0,
"upstream SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
goto failed;
}
u = s->upstream;
if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) {
ngx_log_error(NGX_LOG_ERR, pc->log, 0,
"upstream SSL certificate does not match \"%V\"",
&u->ssl_name);
goto failed;
}
}
if (pscf->ssl_session_reuse) {
u = s->upstream;
u->peer.save_session(&u->peer, u->peer.data);
}
if (pc->write->timer_set) {
ngx_del_timer(pc->write);
}
ngx_stream_proxy_init_upstream(s);
return;
}
failed:
ngx_stream_proxy_next_upstream(s);
}
static void
ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
{
ngx_connection_t *c, *pc;
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
c = ev->data;
s = c->data;
u = s->upstream;
c = s->connection;
pc = u->peer.connection;
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (ev->timedout) {
ev->timedout = 0;
if (ev->delayed) {
ev->delayed = 0;
if (!ev->ready) {
if (ngx_handle_read_event(ev, 0) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
if (u->connected && !c->read->delayed && !pc->read->delayed) {
ngx_add_timer(c->write, pscf->timeout);
}
return;
}
} else {
if (s->connection->type == SOCK_DGRAM) {
if (pscf->responses == NGX_MAX_INT32_VALUE) {
/*
* successfully terminate timed out UDP session
* with unspecified number of responses
*/
pc->read->ready = 0;
pc->read->eof = 1;
ngx_stream_proxy_process(s, 1, 0);
return;
}
if (u->received == 0) {
ngx_stream_proxy_next_upstream(s);
return;
}
}
ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out");
ngx_stream_proxy_finalize(s, NGX_DECLINED);
return;
}
} else if (ev->delayed) {
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"stream connection delayed");
if (ngx_handle_read_event(ev, 0) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
}
return;
}
if (from_upstream && !u->connected) {
return;
}
ngx_stream_proxy_process(s, from_upstream, ev->write);
}
static void
ngx_stream_proxy_init_upstream(ngx_stream_session_t *s)
{
int tcp_nodelay;
u_char *p;
ngx_connection_t *c, *pc;
ngx_log_handler_pt handler;
ngx_stream_upstream_t *u;
ngx_stream_core_srv_conf_t *cscf;
ngx_stream_proxy_srv_conf_t *pscf;
u = s->upstream;
pc = u->peer.connection;
cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
if (pc->type == SOCK_STREAM
&& cscf->tcp_nodelay
&& pc->tcp_nodelay == NGX_TCP_NODELAY_UNSET)
{
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, pc->log, 0, "tcp_nodelay");
tcp_nodelay = 1;
if (setsockopt(pc->fd, IPPROTO_TCP, TCP_NODELAY,
(const void *) &tcp_nodelay, sizeof(int)) == -1)
{
ngx_connection_error(pc, ngx_socket_errno,
"setsockopt(TCP_NODELAY) failed");
ngx_stream_proxy_next_upstream(s);
return;
}
pc->tcp_nodelay = NGX_TCP_NODELAY_SET;
}
if (u->proxy_protocol) {
if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
return;
}
u->proxy_protocol = 0;
}
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
#if (NGX_STREAM_SSL)
if (pc->type == SOCK_STREAM && pscf->ssl && pc->ssl == NULL) {
ngx_stream_proxy_ssl_init_connection(s);
return;
}
#endif
c = s->connection;
if (c->log->log_level >= NGX_LOG_INFO) {
ngx_str_t str;
u_char addr[NGX_SOCKADDR_STRLEN];
str.len = NGX_SOCKADDR_STRLEN;
str.data = addr;
if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) {
handler = c->log->handler;
c->log->handler = NULL;
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"%sproxy %V connected to %V",
pc->type == SOCK_DGRAM ? "udp " : "",
&str, u->peer.name);
c->log->handler = handler;
}
}
c->log->action = "proxying connection";
if (u->upstream_buf.start == NULL) {
p = ngx_pnalloc(c->pool, pscf->buffer_size);
if (p == NULL) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
u->upstream_buf.start = p;
u->upstream_buf.end = p + pscf->buffer_size;
u->upstream_buf.pos = p;
u->upstream_buf.last = p;
}
if (c->type == SOCK_DGRAM) {
s->received = c->buffer->last - c->buffer->pos;
u->downstream_buf = *c->buffer;
if (pscf->responses == 0) {
pc->read->ready = 0;
pc->read->eof = 1;
}
}
u->connected = 1;
pc->read->handler = ngx_stream_proxy_upstream_handler;
pc->write->handler = ngx_stream_proxy_upstream_handler;
if (pc->read->ready || pc->read->eof) {
ngx_post_event(pc->read, &ngx_posted_events);
}
ngx_stream_proxy_process(s, 0, 1);
}
static void
ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
ngx_uint_t do_write)
{
off_t *received, limit;
size_t size, limit_rate;
ssize_t n;
ngx_buf_t *b;
ngx_uint_t flags;
ngx_msec_t delay;
ngx_connection_t *c, *pc, *src, *dst;
ngx_log_handler_pt handler;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
u = s->upstream;
c = s->connection;
pc = u->connected ? u->peer.connection : NULL;
if (c->type == SOCK_DGRAM && (ngx_terminate || ngx_exiting)) {
/* socket is already closed on worker shutdown */
handler = c->log->handler;
c->log->handler = NULL;
ngx_log_error(NGX_LOG_INFO, c->log, 0, "disconnected on shutdown");
c->log->handler = handler;
ngx_stream_proxy_finalize(s, NGX_OK);
return;
}
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (from_upstream) {
src = pc;
dst = c;
b = &u->upstream_buf;
limit_rate = pscf->download_rate;
received = &u->received;
} else {
src = c;
dst = pc;
b = &u->downstream_buf;
limit_rate = pscf->upload_rate;
received = &s->received;
}
for ( ;; ) {
if (do_write) {
size = b->last - b->pos;
if (size && dst && dst->write->ready) {
n = dst->send(dst, b->pos, size);
if (n == NGX_AGAIN && dst->shared) {
/* cannot wait on a shared socket */
n = NGX_ERROR;
}
if (n == NGX_ERROR) {
if (c->type == SOCK_DGRAM && !from_upstream) {
ngx_stream_proxy_next_upstream(s);
return;
}
ngx_stream_proxy_finalize(s, NGX_DECLINED);
return;
}
if (n > 0) {
b->pos += n;
if (b->pos == b->last) {
b->pos = b->start;
b->last = b->start;
}
}
}
}
size = b->end - b->last;
if (size && src->read->ready && !src->read->delayed) {
if (limit_rate) {
limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1)
- *received;
if (limit <= 0) {
src->read->delayed = 1;
delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1);
ngx_add_timer(src->read, delay);
break;
}
if ((off_t) size > limit) {
size = (size_t) limit;
}
}
n = src->recv(src, b->last, size);
if (n == NGX_AGAIN || n == 0) {
break;
}
if (n > 0) {
if (limit_rate) {
delay = (ngx_msec_t) (n * 1000 / limit_rate);
if (delay > 0) {
src->read->delayed = 1;
ngx_add_timer(src->read, delay);
}
}
if (c->type == SOCK_DGRAM && ++u->responses == pscf->responses)
{
src->read->ready = 0;
src->read->eof = 1;
}
*received += n;
b->last += n;
do_write = 1;
continue;
}
if (n == NGX_ERROR) {
if (c->type == SOCK_DGRAM && u->received == 0) {
ngx_stream_proxy_next_upstream(s);
return;
}
src->read->eof = 1;
}
}
break;
}
if (src->read->eof && (b->pos == b->last || (dst && dst->read->eof))) {
handler = c->log->handler;
c->log->handler = NULL;
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"%s%s disconnected"
", bytes from/to client:%O/%O"
", bytes from/to upstream:%O/%O",
src->type == SOCK_DGRAM ? "udp " : "",
from_upstream ? "upstream" : "client",
s->received, c->sent, u->received, pc ? pc->sent : 0);
c->log->handler = handler;
ngx_stream_proxy_finalize(s, NGX_OK);
return;
}
flags = src->read->eof ? NGX_CLOSE_EVENT : 0;
if (!src->shared && ngx_handle_read_event(src->read, flags) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
if (dst) {
if (!dst->shared && ngx_handle_write_event(dst->write, 0) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
if (!c->read->delayed && !pc->read->delayed) {
ngx_add_timer(c->write, pscf->timeout);
} else if (c->write->timer_set) {
ngx_del_timer(c->write);
}
}
}
