www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00
Code Activity

Introduce a per connection "peer_ip" and a per request "client_ip" to

Browse Source 
distinguish between the raw IP address of the connection and the effective
IP address of the request.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1206291 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Graham Leggett
2011-11-25 19:42:04 +00:00
parent 984c3a345c
commit 394e5594d6
24 changed files with 74 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
include/httpd.h
View File

@@ -1007,8 +1007,8 @@ struct request_rec {
/** remote address information from conn_rec, can be overridden if
* necessary by a module.
*/
apr_sockaddr_t *remote_addr;
char *remote_ip;
apr_sockaddr_t *client_addr;
char *client_ip;
};
/**
@@ -1052,10 +1052,10 @@ struct conn_rec {
/** local address */
apr_sockaddr_t *local_addr;
/** remote address */
apr_sockaddr_t *remote_addr;
apr_sockaddr_t *peer_addr;
/** Client's IP address */
char *remote_ip;
char *peer_ip;
/** Client's DNS name, if known. NULL if DNS hasn't been checked,
* "" if it has and no address was found. N.B. Only access this though
* get_remote_host() */

2
modules/aaa/mod_access_compat.c
View File

@@ -271,7 +271,7 @@ static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method)
return 1;
case T_IP:
if (apr_ipsubnet_test(ap[i].x.ip, r->remote_addr)) {
if (apr_ipsubnet_test(ap[i].x.ip, r->client_addr)) {
return 1;
}
break;

8
modules/aaa/mod_authz_host.c
View File

@@ -153,7 +153,7 @@ static authz_status ip_check_authorization(request_rec *r,
apr_ipsubnet_t **ip = (apr_ipsubnet_t **)parsed_require_line;
while (*ip) {
if (apr_ipsubnet_test(*ip, r->remote_addr))
if (apr_ipsubnet_test(*ip, r->client_addr))
return AUTHZ_GRANTED;
ip++;
}
@@ -201,10 +201,10 @@ static authz_status local_check_authorization(request_rec *r,
const void *parsed_require_line)
{
if ( apr_sockaddr_equal(r->connection->local_addr,
r->remote_addr)
|| apr_ipsubnet_test(localhost_v4, r->remote_addr)
r->client_addr)
|| apr_ipsubnet_test(localhost_v4, r->client_addr)
#if APR_HAVE_IPV6
|| apr_ipsubnet_test(localhost_v6, r->remote_addr)
|| apr_ipsubnet_test(localhost_v6, r->client_addr)
#endif
)
{

2
modules/arch/netware/mod_nw_ssl.c
View File

@@ -1001,7 +1001,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
result = r->remote_ip;
result = r->client_ip;
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NAME, NULL);

6
modules/echo/mod_echo.c
View File

@@ -154,7 +154,7 @@ static int process_echo_connection(conn_rec *c)
if (!APR_STATUS_IS_EOF(rv) && ! APR_STATUS_IS_TIMEUP(rv))
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
"ProtocolEcho: Failure reading from %s",
c->remote_ip);
c->peer_ip);
break;
}
@@ -163,7 +163,7 @@ static int process_echo_connection(conn_rec *c)
apr_brigade_cleanup(bb);
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
"ProtocolEcho: Error - read empty brigade from %s!",
c->remote_ip);
c->peer_ip);
break;
}
@@ -181,7 +181,7 @@ static int process_echo_connection(conn_rec *c)
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server,
"ProtocolEcho: Failure writing to %s",
c->remote_ip);
c->peer_ip);
break;
}
apr_brigade_cleanup(bb);

4
modules/experimental/mod_noloris.c
View File

@@ -67,11 +67,11 @@ static int noloris_conn(conn_rec *conn)
/* check the IP is not banned */
shm_rec = apr_shm_baseaddr_get(shm);
while (shm_rec[0] != '\0') {
if (!strcmp(shm_rec, conn->remote_ip)) {
if (!strcmp(shm_rec, conn->peer_ip)) {
apr_socket_t *csd = ap_get_conn_socket(conn);
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
"Dropping connection from banned IP %s",
conn->remote_ip);
conn->peer_ip);
apr_socket_close(csd);
return DONE;

2
modules/filters/mod_ext_filter.c
View File

@@ -406,7 +406,7 @@ static void child_errfn(apr_pool_t *pool, apr_status_t err, const char *descript
apr_file_printf(stderr_log,
"[%s] [client %s] mod_ext_filter (%d)%s: %s\n",
time_str,
r->remote_ip,
r->client_ip,
err,
apr_strerror(err, errbuf, sizeof(errbuf)),
description);

4
modules/http/http_request.c
View File

@@ -439,8 +439,8 @@ static request_rec *internal_internal_redirect(const char *new_uri,
new->prev = r;
r->next = new;
new->remote_addr = r->remote_addr;
new->remote_ip = r->remote_ip;
new->client_addr = r->client_addr;
new->client_ip = r->client_ip;
/* Must have prev and next pointers set before calling create_request
* hook.

6
modules/loggers/mod_log_config.c
View File

@@ -311,10 +311,10 @@ static const char *log_remote_host(request_rec *r, char *a)
static const char *log_remote_address(request_rec *r, char *a)
{
if (a && !strcmp(a, "c")) {
return r->connection->remote_ip;
return r->connection->peer_ip;
}
else {
return r->remote_ip;
return r->client_ip;
}
}
@@ -763,7 +763,7 @@ static const char *log_server_port(request_rec *r, char *a)
port = r->server->port ? r->server->port : ap_default_port(r);
}
else if (!strcasecmp(a, "remote")) {
port = r->remote_addr->port;
port = r->client_addr->port;
}
else if (!strcasecmp(a, "local")) {
port = r->connection->local_addr->port;

2
modules/lua/lua_request.c
View File

@@ -743,7 +743,7 @@ AP_LUA_DECLARE(void) ap_lua_push_connection(lua_State *L, conn_rec *c)
ap_lua_push_apr_table(L, c->notes);
lua_setfield(L, -2, "notes");
lua_pushstring(L, c->remote_ip);
lua_pushstring(L, c->peer_ip);
lua_setfield(L, -2, "remote_ip");
lua_pop(L, 1);

6
modules/mappers/mod_rewrite.c
View File

@@ -1860,7 +1860,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
else if (!strcmp(var, "IPV6")) {
int flag = FALSE;
#if APR_HAVE_IPV6
apr_sockaddr_t *addr = r->remote_addr;
apr_sockaddr_t *addr = r->client_addr;
flag = (addr->family == AF_INET6 &&
!IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off"));
@@ -1966,7 +1966,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
case 'D':
if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) {
result = r->remote_ip;
result = r->client_ip;
}
else if (!strcmp(var, "SERVER_ADDR")) {
result = r->connection->local_ip;
@@ -2005,7 +2005,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
REMOTE_NAME, NULL);
}
else if (!strcmp(var, "REMOTE_PORT")) {
return apr_itoa(r->pool, r->remote_addr->port);
return apr_itoa(r->pool, r->client_addr->port);
}
break;

6
modules/metadata/mod_ident.c
View File

@@ -101,14 +101,14 @@ static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
return rv;
}
if ((rv = apr_sockaddr_info_get(&destsa, conn->remote_ip,
if ((rv = apr_sockaddr_info_get(&destsa, conn->peer_ip,
localsa->family, /* has to match */
RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
/* This should not fail since we have a numeric address string
* as the host. */
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
"rfc1413: apr_sockaddr_info_get(%s) failed",
conn->remote_ip);
conn->peer_ip);
return rv;
}
@@ -167,7 +167,7 @@ static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
apr_size_t buflen;
sav_our_port = conn->local_addr->port;
sav_rmt_port = conn->remote_addr->port;
sav_rmt_port = conn->peer_addr->port;
/* send the data */
buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,

26
modules/metadata/mod_remoteip.c
View File

@@ -51,8 +51,8 @@ typedef struct {
} remoteip_config_t;
typedef struct {
apr_sockaddr_t *remote_addr;
char *remote_ip;
apr_sockaddr_t *client_addr;
char *client_ip;
/** The list of proxy ip's ignored as remote ip's */
const char *proxy_ips;
/** The remaining list of untrusted proxied remote ip's */
@@ -243,18 +243,18 @@ static int remoteip_modify_request(request_rec *r)
}
remote = apr_pstrdup(r->pool, remote);
temp_sa = c->remote_addr;
temp_sa = c->peer_addr;
while (remote) {
/* verify c->remote_addr is trusted if there is a trusted proxy list
/* verify c->peer_addr is trusted if there is a trusted proxy list
*/
if (config->proxymatch_ip) {
int i;
remoteip_proxymatch_t *match;
match = (remoteip_proxymatch_t *)config->proxymatch_ip->elts;
for (i = 0; i < config->proxymatch_ip->nelts; ++i) {
if (apr_ipsubnet_test(match[i].ip, c->remote_addr)) {
if (apr_ipsubnet_test(match[i].ip, c->peer_addr)) {
internal = match[i].internal;
break;
}
@@ -356,19 +356,19 @@ static int remoteip_modify_request(request_rec *r)
req = (remoteip_req_t *) apr_palloc(r->pool, sizeof(remoteip_req_t));
}
/* Set remote_ip string */
/* Set peer_ip string */
if (!internal) {
if (proxy_ips) {
proxy_ips = apr_pstrcat(r->pool, proxy_ips, ", ",
c->remote_ip, NULL);
c->peer_ip, NULL);
}
else {
proxy_ips = c->remote_ip;
proxy_ips = c->peer_ip;
}
}
req->remote_addr = temp_sa;
apr_sockaddr_ip_get(&req->remote_ip, req->remote_addr);
req->client_addr = temp_sa;
apr_sockaddr_ip_get(&req->client_ip, req->client_addr);
}
/* Nothing happened? */
@@ -394,14 +394,14 @@ static int remoteip_modify_request(request_rec *r)
}
}
r->remote_addr = req->remote_addr;
r->remote_ip = req->remote_ip;
r->client_addr = req->client_addr;
r->client_ip = req->client_ip;
ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,
req->proxy_ips
? "Using %s as client's IP by proxies %s"
: "Using %s as client's IP by internal proxies",
req->remote_ip, req->proxy_ips);
req->client_ip, req->proxy_ips);
return OK;
}

2
modules/metadata/mod_setenvif.c
View File

@@ -527,7 +527,7 @@ static int match_headers(request_rec *r)
last_name = b->name;
switch (b->special_type) {
case SPECIAL_REMOTE_ADDR:
val = r->remote_ip;
val = r->client_ip;
break;
case SPECIAL_SERVER_ADDR:
val = r->connection->local_ip;

4
modules/proxy/ajp_header.c
View File

@@ -247,7 +247,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
ajp_msg_append_uint8(msg, (apr_byte_t) method) ||
ajp_msg_append_string(msg, r->protocol) ||
ajp_msg_append_string(msg, uri->path) ||
ajp_msg_append_string(msg, r->remote_ip) ||
ajp_msg_append_string(msg, r->client_ip) ||
ajp_msg_append_string(msg, remote_host) ||
ajp_msg_append_string(msg, ap_get_server_name(r)) ||
ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) ||
@@ -413,7 +413,7 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
*/
{
const char *key = SC_A_REQ_REMOTE_PORT;
char *val = apr_itoa(r->pool, r->remote_addr->port);
char *val = apr_itoa(r->pool, r->client_addr->port);
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, key) ||
ajp_msg_append_string(msg, val)) {

12
modules/proxy/mod_proxy_http.c
View File

@@ -532,7 +532,7 @@ static int stream_reqbody_cl(apr_pool_t *p,
if (bytes_streamed != cl_val) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client %s given Content-Length did not match"
" number of body bytes read", r->connection->remote_ip);
" number of body bytes read", r->connection->peer_ip);
return HTTP_BAD_REQUEST;
}
@@ -858,7 +858,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
* determine, where the original request came from.
*/
apr_table_mergen(r->headers_in, "X-Forwarded-For",
r->remote_ip);
r->client_ip);
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
@@ -1002,7 +1002,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"client %s (%s) requested Transfer-Encoding "
"chunked body with Content-Length (C-L ignored)",
c->remote_ip, c->remote_host ? c->remote_host: "");
c->peer_ip, c->remote_host ? c->remote_host: "");
apr_table_unset(r->headers_in, "Content-Length");
old_cl_val = NULL;
origin->keepalive = AP_CONN_CLOSE;
@@ -1027,7 +1027,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
"prefetch request body failed to %pI (%s)"
" from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
c->remote_ip, c->remote_host ? c->remote_host: "");
c->peer_ip, c->remote_host ? c->remote_host: "");
return HTTP_BAD_REQUEST;
}
@@ -1049,7 +1049,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
"processing prefetched request body failed"
" to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
c->remote_ip, c->remote_host ? c->remote_host: "");
c->peer_ip, c->remote_host ? c->remote_host: "");
return HTTP_INTERNAL_SERVER_ERROR;
}
@@ -1188,7 +1188,7 @@ skip_body:
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"pass request body failed to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
c->remote_ip, c->remote_host ? c->remote_host: "");
c->peer_ip, c->remote_host ? c->remote_host: "");
return rv;
}

2
modules/ssl/ssl_engine_kernel.c
View File

@@ -917,7 +917,7 @@ int ssl_hook_Access(request_rec *r)
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Access to %s denied for %s "
"(requirement expression not fulfilled)",
r->filename, r->remote_ip);
r->filename, r->client_ip);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Failed expression: %s", req->cpExpr);

2
modules/ssl/ssl_engine_vars.c
View File

@@ -188,7 +188,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
result = r->remote_ip;
result = r->client_ip;
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NAME, NULL);

10
server/core.c
View File

@@ -829,7 +829,7 @@ static APR_INLINE void do_double_reverse (conn_rec *conn)
rv = apr_sockaddr_info_get(&sa, conn->remote_host, APR_UNSPEC, 0, 0, conn->pool);
if (rv == APR_SUCCESS) {
while (sa) {
if (apr_sockaddr_equal(sa, conn->remote_addr)) {
if (apr_sockaddr_equal(sa, conn->peer_addr)) {
conn->double_reverse = 1;
return;
}
@@ -871,7 +871,7 @@ AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
&& (type == REMOTE_DOUBLE_REV
|| hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
if (apr_getnameinfo(&conn->remote_host, conn->remote_addr, 0)
if (apr_getnameinfo(&conn->remote_host, conn->peer_addr, 0)
== APR_SUCCESS) {
ap_str_tolower(conn->remote_host);
@@ -910,7 +910,7 @@ AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
}
else {
*str_is_ip = 1;
return conn->remote_ip;
return conn->peer_ip;
}
}
}
@@ -4497,7 +4497,7 @@ static conn_rec *core_create_conn(apr_pool_t *ptrans, server_rec *server,
}
apr_sockaddr_ip_get(&c->local_ip, c->local_addr);
if ((rv = apr_socket_addr_get(&c->remote_addr, APR_REMOTE, csd))
if ((rv = apr_socket_addr_get(&c->peer_addr, APR_REMOTE, csd))
!= APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, rv, server,
"apr_socket_addr_get(APR_REMOTE)");
@@ -4505,7 +4505,7 @@ static conn_rec *core_create_conn(apr_pool_t *ptrans, server_rec *server,
return NULL;
}
apr_sockaddr_ip_get(&c->remote_ip, c->remote_addr);
apr_sockaddr_ip_get(&c->peer_ip, c->peer_addr);
c->base_server = server;
c->id = id;

14
server/log.c
View File

@@ -562,11 +562,11 @@ static int log_remote_address(const ap_errorlog_info *info, const char *arg,
char *buf, int buflen)
{
if (info->r && !(arg && *arg == 'c'))
return apr_snprintf(buf, buflen, "%s:%d", info->r->remote_ip,
info->r->remote_addr->port);
return apr_snprintf(buf, buflen, "%s:%d", info->r->client_ip,
info->r->client_addr->port);
else if (info->c)
return apr_snprintf(buf, buflen, "%s:%d", info->c->remote_ip,
info->c->remote_addr->port);
return apr_snprintf(buf, buflen, "%s:%d", info->c->peer_ip,
info->c->peer_addr->port);
else
return 0;
}
@@ -962,18 +962,18 @@ static int do_errorlog_default(const ap_errorlog_info *info, char *buf,
}
/*
* remote_ip can be client or backend server. If we have a scoreboard
* client_ip/peer_ip can be client or backend server. If we have a scoreboard
* handle, it is likely a client.
*/
if (info->r) {
len += apr_snprintf(buf + len, buflen - len,
info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
info->r->remote_ip, info->r->remote_addr->port);
info->r->client_ip, info->r->client_addr->port);
}
else if (info->c) {
len += apr_snprintf(buf + len, buflen - len,
info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
info->c->remote_ip, info->c->remote_addr->port);
info->c->peer_ip, info->c->peer_addr->port);
}
/* the actual error message */

4
server/protocol.c
View File

@@ -979,8 +979,8 @@ request_rec *ap_read_request(conn_rec *conn)
*/
r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
r->remote_addr = conn->remote_addr;
r->remote_ip = conn->remote_ip;
r->client_addr = conn->peer_addr;
r->client_ip = conn->peer_ip;
tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);

4
server/request.c
View File

@@ -1832,8 +1832,8 @@ static request_rec *make_sub_request(const request_rec *r,
rnew->output_filters = r->proto_output_filters;
}
rnew->remote_addr = r->remote_addr;
rnew->remote_ip = r->remote_ip;
rnew->client_addr = r->client_addr;
rnew->client_ip = r->client_ip;
/* no input filters for a subrequest */

8
server/util_expr_eval.c
View File

@@ -1206,7 +1206,7 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
case 1:
#if APR_HAVE_IPV6
{
apr_sockaddr_t *addr = c->remote_addr;
apr_sockaddr_t *addr = c->peer_addr;
if (addr->family == AF_INET6
&& !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr))
return "on";
@@ -1219,7 +1219,7 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
case 2:
return c->log_id;
case 3:
return c->remote_ip;
return c->peer_ip;
default:
ap_assert(0);
return NULL;
@@ -1342,7 +1342,7 @@ static const char *request_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
case 27:
return r->status ? apr_psprintf(ctx->p, "%d", r->status) : "";
case 28:
return r->remote_ip;
return r->client_ip;
default:
ap_assert(0);
return NULL;
@@ -1491,7 +1491,7 @@ static int op_R(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg1)
if (!ctx->r)
return FALSE;
return apr_ipsubnet_test(subnet, ctx->r->remote_addr);
return apr_ipsubnet_test(subnet, ctx->r->client_addr);
}
static int op_T(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)

4
server/util_script.c
View File

@@ -235,7 +235,7 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
add_unless_null(e, "REMOTE_HOST",
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
apr_table_addn(e, "REMOTE_ADDR", c->remote_ip);
apr_table_addn(e, "REMOTE_ADDR", r->client_ip);
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
@@ -243,7 +243,7 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
rport = c->remote_addr->port;
rport = c->peer_addr->port;
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
if (r->user) {