深入理解ngx_http_proxy_connect_module模块(下)
目录
- 5. 源码分析
-
- 5.1 模块的初始化代码
- 5.2 请求入口点函数分析
-
- 5.2.1 ngx_http_proxy_connect_post_read_handler
- 5.2.2 ngx_http_proxy_connect_handler
- 5.3 域名解析回调
- 5.4 向上游服务器发起连接
-
- 5.4.1 ngx_http_proxy_connect_process_connect
- 5.4.2 ngx_http_proxy_connect_write_upstream
- 5.5 连接建立后向客户端发送CONNECT请求的响应
- 5.6 数据隧道透传
-
- 5.6.1 上下游连接的读写回调函数
- 5.6.1 ngx_http_proxy_connect_tunnel
- 5.7 关闭会话
- 6. 总结
对于模块的配置指令和内置变量的相关信息可以查看上半部分:深入理解ngx_http_proxy_connect_module模块(上)
5. 源码分析
废话不多说,直接进入源码环节。
5.1 模块的初始化代码
static ngx_http_module_t ngx_http_proxy_connect_module_ctx = {
ngx_http_proxy_connect_add_variables, /* preconfiguration */
ngx_http_proxy_connect_init, /* postconfiguration */
NULL, /* create main configuration */
NULL, /* init main configuration */
NULL, /* create server configuration */
NULL, /* merge server configuration */
ngx_http_proxy_connect_create_loc_conf, /* create location configuration */
ngx_http_proxy_connect_merge_loc_conf /* merge location configuration */
};
本模块设置了preconfiguration回调,用来在nginx框架中添加第4节列出的变量;本模块又设置了postconfiguration回调,用来设置回调钩子函数。ngx_http_proxy_connect_init代码如下:
static ngx_int_t
ngx_http_proxy_connect_init(ngx_conf_t *cf)
{
ngx_http_core_main_conf_t *cmcf;
ngx_http_handler_pt *h;
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
h = ngx_array_push(&cmcf->phases[NGX_HTTP_POST_READ_PHASE].handlers);
if (h == NULL) {
return NGX_ERROR;
}
*h = ngx_http_proxy_connect_post_read_handler;
return NGX_OK;
}
ngx_http_proxy_connect_init代码非常简单,就是在NGX_HTTP_POST_READ_PHASE阶段设置一个回调函数ngx_http_proxy_connect_post_read_handler, NGX_HTTP_POST_READ_PHASE阶段是nginx 异步http处理框架收到客户端的http请求包后的第一个处理阶段。
然后再看一下proxy_connect配置指令的代码,如下:
static char *
ngx_http_proxy_connect(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_core_loc_conf_t *clcf;
ngx_http_proxy_connect_loc_conf_t *pclcf;
clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
clcf->handler = ngx_http_proxy_connect_handler;
pclcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_proxy_connect_module);
pclcf->accept_connect = 1;
return NGX_CONF_OK;
}
也是非常简单,就是设置一个NGX_HTTP_CONTENT_PHASE阶段的回调函数,以便在这个阶段来接管connect请求的处理逻辑。
5.2 请求入口点函数分析
5.2.1 ngx_http_proxy_connect_post_read_handler
ngx_http_proxy_connect_post_read_handler函数在NGX_HTTP_POST_READ_PHASE阶段被回调,如果发现当前的是CONNECT请求,则判断是否开启了proxy_connect,如果没有开启,则返回NGX_HTTP_NOT_ALLOWED,反之,则对当前的请求设置一个ngx_http_proxy_connect_ctx_t上下文,源码如下:
static ngx_int_t
ngx_http_proxy_connect_post_read_handler(ngx_http_request_t *r)
{
ngx_http_proxy_connect_ctx_t *ctx;
ngx_http_proxy_connect_loc_conf_t *pclcf;
if (r->method == NGX_HTTP_CONNECT) {
pclcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_connect_module);
if (!pclcf->accept_connect) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"proxy_connect: client sent connect method");
return NGX_HTTP_NOT_ALLOWED;
}
/* init ctx */
ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_proxy_connect_ctx_t));
if (ctx == NULL) {
return NGX_ERROR;
}
ctx->buf.pos = (u_char *) NGX_HTTP_PROXY_CONNECT_ESTABLISTHED;
ctx->buf.last = ctx->buf.pos +
sizeof(NGX_HTTP_PROXY_CONNECT_ESTABLISTHED) - 1;
ctx->buf.memory = 1;
ctx->connect_timeout = pclcf->connect_timeout;
ctx->send_timeout = pclcf->send_timeout;
ctx->data_timeout = pclcf->data_timeout;
ngx_http_set_ctx(r, ctx, ngx_http_proxy_connect_module);
}
/* 返回NGX_DECLINED表示如果本阶段有其他的模块,就继续执行这些模块的回调函数。
return NGX_DECLINED;
}
5.2.2 ngx_http_proxy_connect_handler
nginx在经过以上ngx_http_proxy_connect_post_read_handler处理后,正常情况下都会会进入到NGX_HTTP_CONTENT_PHASE阶段,在这时就会回调ngx_http_proxy_connect_handler进行处理,源码如下:
static ngx_int_t
ngx_http_proxy_connect_handler(ngx_http_request_t *r)
{
ngx_url_t url;
ngx_int_t rc;
ngx_resolver_ctx_t *rctx, temp;
ngx_http_core_loc_conf_t *clcf;
ngx_http_proxy_connect_ctx_t *ctx;
ngx_http_proxy_connect_upstream_t *u;
ngx_http_proxy_connect_loc_conf_t *plcf;
plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_connect_module);
/* 如果不是CONNECT请求或者配置中没有开启proxy_connect, 则本模块直接放弃处理 */
if (r->method != NGX_HTTP_CONNECT || !plcf->accept_connect) {
return NGX_DECLINED;
}
/* 判断客户端请求的端口是否在允许的范围内,如果不在范围内,则本模块直接放弃处理 */
rc = ngx_http_proxy_connect_allow_handler(r, plcf);
if (rc != NGX_OK) {
return rc;
}
/* 获取在ngx_http_proxy_connect_post_read_handler设置的上下文信息 */
ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_connect_module);;
if (ngx_http_proxy_connect_upstream_create(r, ctx) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
u = ctx->u;
u->conf = plcf;
ngx_memzero(&url, sizeof(ngx_url_t));
/* 如果在配置文件中设置了proxy_connect_address,则根据设置的值作为连接上游服务器的地址 */
if (plcf->address) {
if (ngx_http_complex_value(r, plcf->address, &url.url) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
if (url.url.len == 0 || url.url.data == NULL) {
url.url.len = r->connect_host.len;
url.url.data = r->connect_host.data;
}
} else {
/* 没有设置proxy_connect_address,则用CONNECT请求头中的url地址中的host部分作为上游服务器的地址 */
url.url.len = r->connect_host.len;
url.url.data = r->connect_host.data;
}
/* 设置待连接上游服务器的端口 */
url.default_port = r->connect_port_n;
url.no_resolve = 1;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"proxy_connect: connect handler: parse url: %V" , &url.url);
if (ngx_parse_url(r->pool, &url) != NGX_OK) {
if (url.err) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"proxy_connect: %s in connect host \"%V\"",
url.err, &url.url);
return NGX_HTTP_FORBIDDEN;
}
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
/* 将当前请求的read和write的i/o事件处理回调函数进行设置,
因为当前暂时还不需要处理读写操作,只是用来进行连接是否中断的检测 */
r->read_event_handler = ngx_http_proxy_connect_rd_check_broken_connection;
r->write_event_handler = ngx_http_proxy_connect_wr_check_broken_connection;
/* NOTE:
* We use only one address in u->resolved,
* and u->resolved.host is "" format.
* u->resolved用来存放最终向上游服务器连接的ip+端口的地址。
*/
u->resolved = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_resolved_t));
if (u->resolved == NULL) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
/* rc = NGX_DECLINED */
if (url.addrs) {
/* 如果url.addrs中已经有目标地址,则用第一个地址来设置u->resolved */
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"proxy_connect: upstream address given directly");
u->resolved->sockaddr = url.addrs[0].sockaddr;
u->resolved->socklen = url.addrs[0].socklen;
#if defined(nginx_version) && nginx_version >= 1011007
u->resolved->name = url.addrs[0].name;
#endif
u->resolved->naddrs = 1;
}
u->resolved->host = url.host;
u->resolved->port = (in_port_t) (url.no_port ? r->connect_port_n : url.port);
u->resolved->no_port = url.no_port;
if (u->resolved->sockaddr) {
/* 目标地址已经设置好了,接下去就不需要进行域名解析直接进行连接了 */
rc = ngx_http_proxy_connect_sock_ntop(r, u);
if (rc != NGX_OK) {
return rc;
}
/* 当前的ngx_http_request_t的引用计数+1 */
r->main->count++;
/* 向上游服务器发起TCP连接请求 */
ngx_http_proxy_connect_process_connect(r, u);
return NGX_DONE;
}
/* 因为将连接的上游服务器是域名形式提供的,因此需要先通过域名解析后方可以发起连接 */
ngx_str_t *host = &url.host;
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
temp.name = *host;
/* 设置请求上游服务器的开始时间 */
u->start_time = ngx_current_msec;
u->state.resolve_time = (ngx_msec_t) -1