blob: 31df316e4838036d6552b6aa45ac5aac8777cc4e [file] [log] [blame] [raw]
/*
* Copyright (C) Igor Sysoev
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
typedef struct {
u_char color;
u_char len;
u_short conn;
u_char data[1];
} ngx_http_limit_zone_node_t;
typedef struct {
ngx_shm_zone_t *shm_zone;
ngx_rbtree_node_t *node;
} ngx_http_limit_zone_cleanup_t;
typedef struct {
ngx_rbtree_t *rbtree;
ngx_int_t index;
ngx_str_t var;
} ngx_http_limit_zone_ctx_t;
typedef struct {
ngx_shm_zone_t *shm_zone;
ngx_uint_t conn;
ngx_uint_t log_level;
} ngx_http_limit_zone_conf_t;
static void ngx_http_limit_zone_cleanup(void *data);
static void *ngx_http_limit_zone_create_conf(ngx_conf_t *cf);
static char *ngx_http_limit_zone_merge_conf(ngx_conf_t *cf, void *parent,
void *child);
static char *ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static ngx_int_t ngx_http_limit_zone_init(ngx_conf_t *cf);
static ngx_conf_enum_t ngx_http_limit_conn_log_levels[] = {
{ ngx_string("info"), NGX_LOG_INFO },
{ ngx_string("notice"), NGX_LOG_NOTICE },
{ ngx_string("warn"), NGX_LOG_WARN },
{ ngx_string("error"), NGX_LOG_ERR },
{ ngx_null_string, 0 }
};
static ngx_command_t ngx_http_limit_zone_commands[] = {
{ ngx_string("limit_zone"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE3,
ngx_http_limit_zone,
0,
0,
NULL },
{ ngx_string("limit_conn"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
ngx_http_limit_conn,
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
{ ngx_string("limit_conn_log_level"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_enum_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_limit_zone_conf_t, log_level),
&ngx_http_limit_conn_log_levels },
ngx_null_command
};
static ngx_http_module_t ngx_http_limit_zone_module_ctx = {
NULL, /* preconfiguration */
ngx_http_limit_zone_init, /* postconfiguration */
NULL, /* create main configuration */
NULL, /* init main configuration */
NULL, /* create server configuration */
NULL, /* merge server configuration */
ngx_http_limit_zone_create_conf, /* create location configration */
ngx_http_limit_zone_merge_conf /* merge location configration */
};
ngx_module_t ngx_http_limit_zone_module = {
NGX_MODULE_V1,
&ngx_http_limit_zone_module_ctx, /* module context */
ngx_http_limit_zone_commands, /* module directives */
NGX_HTTP_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static ngx_int_t
ngx_http_limit_zone_handler(ngx_http_request_t *r)
{
size_t len, n;
uint32_t hash;
ngx_int_t rc;
ngx_slab_pool_t *shpool;
ngx_rbtree_node_t *node, *sentinel;
ngx_pool_cleanup_t *cln;
ngx_http_variable_value_t *vv;
ngx_http_limit_zone_ctx_t *ctx;
ngx_http_limit_zone_node_t *lz;
ngx_http_limit_zone_conf_t *lzcf;
ngx_http_limit_zone_cleanup_t *lzcln;
if (r->main->limit_zone_set) {
return NGX_DECLINED;
}
lzcf = ngx_http_get_module_loc_conf(r, ngx_http_limit_zone_module);
if (lzcf->shm_zone == NULL) {
return NGX_DECLINED;
}
ctx = lzcf->shm_zone->data;
vv = ngx_http_get_indexed_variable(r, ctx->index);
if (vv == NULL || vv->not_found) {
return NGX_DECLINED;
}
len = vv->len;
if (len == 0) {
return NGX_DECLINED;
}
if (len > 255) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"the value of the \"%V\" variable "
"is more than 255 bytes: \"%v\"",
&ctx->var, vv);
return NGX_DECLINED;
}
r->main->limit_zone_set = 1;
hash = ngx_crc32_short(vv->data, len);
cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_limit_zone_cleanup_t));
if (cln == NULL) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
shpool = (ngx_slab_pool_t *) lzcf->shm_zone->shm.addr;
ngx_shmtx_lock(&shpool->mutex);
node = ctx->rbtree->root;
sentinel = ctx->rbtree->sentinel;
while (node != sentinel) {
if (hash < node->key) {
node = node->left;
continue;
}
if (hash > node->key) {
node = node->right;
continue;
}
/* hash == node->key */
do {
lz = (ngx_http_limit_zone_node_t *) &node->color;
rc = ngx_memn2cmp(vv->data, lz->data, len, (size_t) lz->len);
if (rc == 0) {
if ((ngx_uint_t) lz->conn < lzcf->conn) {
lz->conn++;
goto done;
}
ngx_shmtx_unlock(&shpool->mutex);
ngx_log_error(lzcf->log_level, r->connection->log, 0,
"limiting connections by zone \"%V\"",
&lzcf->shm_zone->shm.name);
return NGX_HTTP_SERVICE_UNAVAILABLE;
}
node = (rc < 0) ? node->left : node->right;
} while (node != sentinel && hash == node->key);
break;
}
n = offsetof(ngx_rbtree_node_t, color)
+ offsetof(ngx_http_limit_zone_node_t, data)
+ len;
node = ngx_slab_alloc_locked(shpool, n);
if (node == NULL) {
ngx_shmtx_unlock(&shpool->mutex);
return NGX_HTTP_SERVICE_UNAVAILABLE;
}
lz = (ngx_http_limit_zone_node_t *) &node->color;
node->key = hash;
lz->len = (u_char) len;
lz->conn = 1;
ngx_memcpy(lz->data, vv->data, len);
ngx_rbtree_insert(ctx->rbtree, node);
done:
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"limit zone: %08XD %d", node->key, lz->conn);
ngx_shmtx_unlock(&shpool->mutex);
cln->handler = ngx_http_limit_zone_cleanup;
lzcln = cln->data;
lzcln->shm_zone = lzcf->shm_zone;
lzcln->node = node;
return NGX_DECLINED;
}
static void
ngx_http_limit_zone_rbtree_insert_value(ngx_rbtree_node_t *temp,
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
{
ngx_rbtree_node_t **p;
ngx_http_limit_zone_node_t *lzn, *lznt;
for ( ;; ) {
if (node->key < temp->key) {
p = &temp->left;
} else if (node->key > temp->key) {
p = &temp->right;
} else { /* node->key == temp->key */
lzn = (ngx_http_limit_zone_node_t *) &node->color;
lznt = (ngx_http_limit_zone_node_t *) &temp->color;
p = (ngx_memn2cmp(lzn->data, lznt->data, lzn->len, lznt->len) < 0)
? &temp->left : &temp->right;
}
if (*p == sentinel) {
break;
}
temp = *p;
}
*p = node;
node->parent = temp;
node->left = sentinel;
node->right = sentinel;
ngx_rbt_red(node);
}
static void
ngx_http_limit_zone_cleanup(void *data)
{
ngx_http_limit_zone_cleanup_t *lzcln = data;
ngx_slab_pool_t *shpool;
ngx_rbtree_node_t *node;
ngx_http_limit_zone_ctx_t *ctx;
ngx_http_limit_zone_node_t *lz;
ctx = lzcln->shm_zone->data;
shpool = (ngx_slab_pool_t *) lzcln->shm_zone->shm.addr;
node = lzcln->node;
lz = (ngx_http_limit_zone_node_t *) &node->color;
ngx_shmtx_lock(&shpool->mutex);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, lzcln->shm_zone->shm.log, 0,
"limit zone cleanup: %08XD %d", node->key, lz->conn);
lz->conn--;
if (lz->conn == 0) {
ngx_rbtree_delete(ctx->rbtree, node);
ngx_slab_free_locked(shpool, node);
}
ngx_shmtx_unlock(&shpool->mutex);
}
static ngx_int_t
ngx_http_limit_zone_init_zone(ngx_shm_zone_t *shm_zone, void *data)
{
ngx_http_limit_zone_ctx_t *octx = data;
size_t len;
ngx_slab_pool_t *shpool;
ngx_rbtree_node_t *sentinel;
ngx_http_limit_zone_ctx_t *ctx;
ctx = shm_zone->data;
if (octx) {
if (ngx_strcmp(ctx->var.data, octx->var.data) != 0) {
ngx_log_error(NGX_LOG_EMERG, shm_zone->shm.log, 0,
"limit_zone \"%V\" uses the \"%V\" variable "
"while previously it used the \"%V\" variable",
&shm_zone->shm.name, &ctx->var, &octx->var);
return NGX_ERROR;
}
ctx->rbtree = octx->rbtree;
return NGX_OK;
}
shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
if (shm_zone->shm.exists) {
ctx->rbtree = shpool->data;
return NGX_OK;
}
ctx->rbtree = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_t));
if (ctx->rbtree == NULL) {
return NGX_ERROR;
}
shpool->data = ctx->rbtree;
sentinel = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_node_t));
if (sentinel == NULL) {
return NGX_ERROR;
}
ngx_rbtree_init(ctx->rbtree, sentinel,
ngx_http_limit_zone_rbtree_insert_value);
len = sizeof(" in limit_zone \"\"") + shm_zone->shm.name.len;
shpool->log_ctx = ngx_slab_alloc(shpool, len);
if (shpool->log_ctx == NULL) {
return NGX_ERROR;
}
ngx_sprintf(shpool->log_ctx, " in limit_zone \"%V\"%Z",
&shm_zone->shm.name);
return NGX_OK;
}
static void *
ngx_http_limit_zone_create_conf(ngx_conf_t *cf)
{
ngx_http_limit_zone_conf_t *conf;
conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_zone_conf_t));
if (conf == NULL) {
return NULL;
}
/*
* set by ngx_pcalloc():
*
* conf->shm_zone = NULL;
* conf->conn = 0;
*/
conf->log_level = NGX_CONF_UNSET_UINT;
return conf;
}
static char *
ngx_http_limit_zone_merge_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_http_limit_zone_conf_t *prev = parent;
ngx_http_limit_zone_conf_t *conf = child;
if (conf->shm_zone == NULL) {
*conf = *prev;
}
ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR);
return NGX_CONF_OK;
}
static char *
ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ssize_t n;
ngx_str_t *value;
ngx_shm_zone_t *shm_zone;
ngx_http_limit_zone_ctx_t *ctx;
value = cf->args->elts;
if (value[2].data[0] != '$') {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid variable name \"%V\"", &value[2]);
return NGX_CONF_ERROR;
}
value[2].len--;
value[2].data++;
ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_zone_ctx_t));
if (ctx == NULL) {
return NGX_CONF_ERROR;
}
ctx->index = ngx_http_get_variable_index(cf, &value[2]);
if (ctx->index == NGX_ERROR) {
return NGX_CONF_ERROR;
}
ctx->var = value[2];
n = ngx_parse_size(&value[3]);
if (n == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid size of limit_zone \"%V\"", &value[3]);
return NGX_CONF_ERROR;
}
if (n < (ngx_int_t) (8 * ngx_pagesize)) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"limit_zone \"%V\" is too small", &value[1]);
return NGX_CONF_ERROR;
}
shm_zone = ngx_shared_memory_add(cf, &value[1], n,
&ngx_http_limit_zone_module);
if (shm_zone == NULL) {
return NGX_CONF_ERROR;
}
if (shm_zone->data) {
ctx = shm_zone->data;
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"limit_zone \"%V\" is already bound to variable \"%V\"",
&value[1], &ctx->var);
return NGX_CONF_ERROR;
}
shm_zone->init = ngx_http_limit_zone_init_zone;
shm_zone->data = ctx;
return NGX_CONF_OK;
}
static char *
ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_limit_zone_conf_t *lzcf = conf;
ngx_int_t n;
ngx_str_t *value;
if (lzcf->shm_zone) {
return "is duplicate";
}
value = cf->args->elts;
lzcf->shm_zone = ngx_shared_memory_add(cf, &value[1], 0,
&ngx_http_limit_zone_module);
if (lzcf->shm_zone == NULL) {
return NGX_CONF_ERROR;
}
n = ngx_atoi(value[2].data, value[2].len);
if (n <= 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid number of connections \"%V\"", &value[2]);
return NGX_CONF_ERROR;
}
if (n > 65535) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"connection limit must be less 65536");
return NGX_CONF_ERROR;
}
lzcf->conn = n;
return NGX_CONF_OK;
}
static ngx_int_t
ngx_http_limit_zone_init(ngx_conf_t *cf)
{
ngx_http_handler_pt *h;
ngx_http_core_main_conf_t *cmcf;
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
if (h == NULL) {
return NGX_ERROR;
}
*h = ngx_http_limit_zone_handler;
return NGX_OK;
}