From 9418bf69d9f85af5a9c87e399edd26f36cd9f623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rnar=20Ness?= Date: Fri, 31 Aug 2018 14:15:18 +0200 Subject: [PATCH] Add abstract socket support on Linux This adds abstract socket support for Linux, making it possible to do for example: server { listen unix:@abstract-socket; location / { content_by_lua_block { ngx.say("hello from @abstract-socket") } } location /abstract-socket { content_by_lua_block { local sock = ngx.socket.tcp() local ok, err = sock:connect("unix:@abstract-socket") if not ok then return ngx.say("could not connect: ", err) end ok, err = sock:send("GET /\r\n"); if not ok then return ngx.say("failed to send data on socket") end ngx.say(sock:receive()) } } } echo -en "GET /abstract-socket\r\n" | \ socat abstract-connect:abstract-socket - --- .../nginx-1.13.6-linux_abstract_sockets.patch | 96 +++++++++++++++++++ .../nginx-1.13.8-linux_abstract_sockets.patch | 96 +++++++++++++++++++ util/mirror-tarballs | 7 ++ 3 files changed, 199 insertions(+) create mode 100644 patches/nginx-1.13.6-linux_abstract_sockets.patch create mode 100644 patches/nginx-1.13.8-linux_abstract_sockets.patch diff --git a/patches/nginx-1.13.6-linux_abstract_sockets.patch b/patches/nginx-1.13.6-linux_abstract_sockets.patch new file mode 100644 index 0000000..b79ea16 --- /dev/null +++ b/patches/nginx-1.13.6-linux_abstract_sockets.patch @@ -0,0 +1,96 @@ +--- + src/core/ngx_connection.c | 10 +++++++++- + src/core/ngx_cycle.c | 7 ++++++- + src/core/ngx_inet.c | 17 +++++++++++++++++ + 3 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c +index 33682532..b7b83225 100644 +--- a/src/core/ngx_connection.c ++++ b/src/core/ngx_connection.c +@@ -625,7 +625,12 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle) + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + mode_t mode; + u_char *name; + +@@ -1069,6 +1074,9 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) + #if (NGX_HAVE_UNIX_DOMAIN) + + if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif + && ngx_process <= NGX_PROCESS_MASTER + && ngx_new_binary == 0) + { +diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c +index f3ac24d7..143149fa 100644 +--- a/src/core/ngx_cycle.c ++++ b/src/core/ngx_cycle.c +@@ -709,7 +709,12 @@ old_shm_zone_done: + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + u_char *name; + + name = ls[i].addr_text.data + sizeof("unix:") - 1; +diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c +index db48b93c..52a2d62e 100644 +--- a/src/core/ngx_inet.c ++++ b/src/core/ngx_inet.c +@@ -242,6 +242,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, + if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)) { + p = ngx_snprintf(text, len, "unix:%Z"); + ++ } else if (saun->sun_path[0] == '\0') { ++ p = ngx_snprintf(text, len, "unix:@%s%Z", &saun->sun_path[1]); ++ + } else { + n = ngx_strnlen((u_char *) saun->sun_path, + socklen - offsetof(struct sockaddr_un, sun_path)); +@@ -744,6 +747,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + saun->sun_family = AF_UNIX; + (void) ngx_cpystrn((u_char *) saun->sun_path, path, len); + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); + if (u->addrs == NULL) { + return NGX_ERROR; +@@ -765,6 +775,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + u->addrs[0].name.len = len + 4; + u->addrs[0].name.data = u->url.data; + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->addrs[0].socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + return NGX_OK; + + #else +-- +2.17.1 diff --git a/patches/nginx-1.13.8-linux_abstract_sockets.patch b/patches/nginx-1.13.8-linux_abstract_sockets.patch new file mode 100644 index 0000000..b79ea16 --- /dev/null +++ b/patches/nginx-1.13.8-linux_abstract_sockets.patch @@ -0,0 +1,96 @@ +--- + src/core/ngx_connection.c | 10 +++++++++- + src/core/ngx_cycle.c | 7 ++++++- + src/core/ngx_inet.c | 17 +++++++++++++++++ + 3 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c +index 33682532..b7b83225 100644 +--- a/src/core/ngx_connection.c ++++ b/src/core/ngx_connection.c +@@ -625,7 +625,12 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle) + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + mode_t mode; + u_char *name; + +@@ -1069,6 +1074,9 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) + #if (NGX_HAVE_UNIX_DOMAIN) + + if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif + && ngx_process <= NGX_PROCESS_MASTER + && ngx_new_binary == 0) + { +diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c +index f3ac24d7..143149fa 100644 +--- a/src/core/ngx_cycle.c ++++ b/src/core/ngx_cycle.c +@@ -709,7 +709,12 @@ old_shm_zone_done: + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + u_char *name; + + name = ls[i].addr_text.data + sizeof("unix:") - 1; +diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c +index db48b93c..52a2d62e 100644 +--- a/src/core/ngx_inet.c ++++ b/src/core/ngx_inet.c +@@ -242,6 +242,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, + if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)) { + p = ngx_snprintf(text, len, "unix:%Z"); + ++ } else if (saun->sun_path[0] == '\0') { ++ p = ngx_snprintf(text, len, "unix:@%s%Z", &saun->sun_path[1]); ++ + } else { + n = ngx_strnlen((u_char *) saun->sun_path, + socklen - offsetof(struct sockaddr_un, sun_path)); +@@ -744,6 +747,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + saun->sun_family = AF_UNIX; + (void) ngx_cpystrn((u_char *) saun->sun_path, path, len); + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); + if (u->addrs == NULL) { + return NGX_ERROR; +@@ -765,6 +775,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + u->addrs[0].name.len = len + 4; + u->addrs[0].name.data = u->url.data; + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->addrs[0].socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + return NGX_OK; + + #else +-- +2.17.1 diff --git a/util/mirror-tarballs b/util/mirror-tarballs index df2834b..7f7f3f8 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -394,6 +394,13 @@ if [ "$answer" = "N" ]; then echo fi +answer=`$root/util/ver-ge "$main_ver" 1.13.6` +if [ "$answer" = "Y" ]; then + echo "$info_txt applying the linux_abstract_sockets patch for nginx" + patch -p1 < $root/patches/nginx-$main_ver-linux_abstract_sockets.patch || exit 1 + echo +fi + if [ "$main_ver" = "1.9.7" ]; then echo "$info_txt applying the resolver_security_fixes patch for nginx" patch -p1 < $root/patches/nginx-$main_ver-resolver_security_fixes.patch || exit 1