From 9418bf69d9f85af5a9c87e399edd26f36cd9f623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rnar=20Ness?= Date: Fri, 31 Aug 2018 14:15:18 +0200 Subject: [PATCH 1/2] Add abstract socket support on Linux This adds abstract socket support for Linux, making it possible to do for example: server { listen unix:@abstract-socket; location / { content_by_lua_block { ngx.say("hello from @abstract-socket") } } location /abstract-socket { content_by_lua_block { local sock = ngx.socket.tcp() local ok, err = sock:connect("unix:@abstract-socket") if not ok then return ngx.say("could not connect: ", err) end ok, err = sock:send("GET /\r\n"); if not ok then return ngx.say("failed to send data on socket") end ngx.say(sock:receive()) } } } echo -en "GET /abstract-socket\r\n" | \ socat abstract-connect:abstract-socket - --- .../nginx-1.13.6-linux_abstract_sockets.patch | 96 +++++++++++++++++++ .../nginx-1.13.8-linux_abstract_sockets.patch | 96 +++++++++++++++++++ util/mirror-tarballs | 7 ++ 3 files changed, 199 insertions(+) create mode 100644 patches/nginx-1.13.6-linux_abstract_sockets.patch create mode 100644 patches/nginx-1.13.8-linux_abstract_sockets.patch diff --git a/patches/nginx-1.13.6-linux_abstract_sockets.patch b/patches/nginx-1.13.6-linux_abstract_sockets.patch new file mode 100644 index 0000000..b79ea16 --- /dev/null +++ b/patches/nginx-1.13.6-linux_abstract_sockets.patch @@ -0,0 +1,96 @@ +--- + src/core/ngx_connection.c | 10 +++++++++- + src/core/ngx_cycle.c | 7 ++++++- + src/core/ngx_inet.c | 17 +++++++++++++++++ + 3 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c +index 33682532..b7b83225 100644 +--- a/src/core/ngx_connection.c ++++ b/src/core/ngx_connection.c +@@ -625,7 +625,12 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle) + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + mode_t mode; + u_char *name; + +@@ -1069,6 +1074,9 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) + #if (NGX_HAVE_UNIX_DOMAIN) + + if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif + && ngx_process <= NGX_PROCESS_MASTER + && ngx_new_binary == 0) + { +diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c +index f3ac24d7..143149fa 100644 +--- a/src/core/ngx_cycle.c ++++ b/src/core/ngx_cycle.c +@@ -709,7 +709,12 @@ old_shm_zone_done: + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + u_char *name; + + name = ls[i].addr_text.data + sizeof("unix:") - 1; +diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c +index db48b93c..52a2d62e 100644 +--- a/src/core/ngx_inet.c ++++ b/src/core/ngx_inet.c +@@ -242,6 +242,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, + if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)) { + p = ngx_snprintf(text, len, "unix:%Z"); + ++ } else if (saun->sun_path[0] == '\0') { ++ p = ngx_snprintf(text, len, "unix:@%s%Z", &saun->sun_path[1]); ++ + } else { + n = ngx_strnlen((u_char *) saun->sun_path, + socklen - offsetof(struct sockaddr_un, sun_path)); +@@ -744,6 +747,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + saun->sun_family = AF_UNIX; + (void) ngx_cpystrn((u_char *) saun->sun_path, path, len); + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); + if (u->addrs == NULL) { + return NGX_ERROR; +@@ -765,6 +775,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + u->addrs[0].name.len = len + 4; + u->addrs[0].name.data = u->url.data; + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->addrs[0].socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + return NGX_OK; + + #else +-- +2.17.1 diff --git a/patches/nginx-1.13.8-linux_abstract_sockets.patch b/patches/nginx-1.13.8-linux_abstract_sockets.patch new file mode 100644 index 0000000..b79ea16 --- /dev/null +++ b/patches/nginx-1.13.8-linux_abstract_sockets.patch @@ -0,0 +1,96 @@ +--- + src/core/ngx_connection.c | 10 +++++++++- + src/core/ngx_cycle.c | 7 ++++++- + src/core/ngx_inet.c | 17 +++++++++++++++++ + 3 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c +index 33682532..b7b83225 100644 +--- a/src/core/ngx_connection.c ++++ b/src/core/ngx_connection.c +@@ -625,7 +625,12 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle) + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + mode_t mode; + u_char *name; + +@@ -1069,6 +1074,9 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) + #if (NGX_HAVE_UNIX_DOMAIN) + + if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif + && ngx_process <= NGX_PROCESS_MASTER + && ngx_new_binary == 0) + { +diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c +index f3ac24d7..143149fa 100644 +--- a/src/core/ngx_cycle.c ++++ b/src/core/ngx_cycle.c +@@ -709,7 +709,12 @@ old_shm_zone_done: + + #if (NGX_HAVE_UNIX_DOMAIN) + +- if (ls[i].sockaddr->sa_family == AF_UNIX) { ++ if (ls[i].sockaddr->sa_family == AF_UNIX ++#if (NGX_LINUX) ++ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' ++#endif ++ ) ++ { + u_char *name; + + name = ls[i].addr_text.data + sizeof("unix:") - 1; +diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c +index db48b93c..52a2d62e 100644 +--- a/src/core/ngx_inet.c ++++ b/src/core/ngx_inet.c +@@ -242,6 +242,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, + if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)) { + p = ngx_snprintf(text, len, "unix:%Z"); + ++ } else if (saun->sun_path[0] == '\0') { ++ p = ngx_snprintf(text, len, "unix:@%s%Z", &saun->sun_path[1]); ++ + } else { + n = ngx_strnlen((u_char *) saun->sun_path, + socklen - offsetof(struct sockaddr_un, sun_path)); +@@ -744,6 +747,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + saun->sun_family = AF_UNIX; + (void) ngx_cpystrn((u_char *) saun->sun_path, path, len); + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); + if (u->addrs == NULL) { + return NGX_ERROR; +@@ -765,6 +775,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) + u->addrs[0].name.len = len + 4; + u->addrs[0].name.data = u->url.data; + ++#if (NGX_LINUX) ++ if (path[0] == '@') { ++ saun->sun_path[0] = '\0'; ++ u->addrs[0].socklen = sizeof(sa_family_t) + strlen(path); ++ } ++#endif ++ + return NGX_OK; + + #else +-- +2.17.1 diff --git a/util/mirror-tarballs b/util/mirror-tarballs index df2834b..7f7f3f8 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -394,6 +394,13 @@ if [ "$answer" = "N" ]; then echo fi +answer=`$root/util/ver-ge "$main_ver" 1.13.6` +if [ "$answer" = "Y" ]; then + echo "$info_txt applying the linux_abstract_sockets patch for nginx" + patch -p1 < $root/patches/nginx-$main_ver-linux_abstract_sockets.patch || exit 1 + echo +fi + if [ "$main_ver" = "1.9.7" ]; then echo "$info_txt applying the resolver_security_fixes patch for nginx" patch -p1 < $root/patches/nginx-$main_ver-resolver_security_fixes.patch || exit 1 From 568889bd0695e45f4edcaac016bcd23f6692560a Mon Sep 17 00:00:00 2001 From: Odin Hultgren Van Der Horst Date: Fri, 2 Aug 2019 09:00:02 +0200 Subject: [PATCH 2/2] Fixed name length bug - Fixed a length bug that would ocure when the socket name was not zero terminated. --- .../nginx-1.13.8-linux_abstract_sockets.patch | 96 ------------------- ...nginx-1.17.1-linux_abstract_sockets.patch} | 22 ++--- util/mirror-tarballs | 2 +- 3 files changed, 8 insertions(+), 112 deletions(-) delete mode 100644 patches/nginx-1.13.8-linux_abstract_sockets.patch rename patches/{nginx-1.13.6-linux_abstract_sockets.patch => nginx-1.17.1-linux_abstract_sockets.patch} (81%) diff --git a/patches/nginx-1.13.8-linux_abstract_sockets.patch b/patches/nginx-1.13.8-linux_abstract_sockets.patch deleted file mode 100644 index b79ea16..0000000 --- a/patches/nginx-1.13.8-linux_abstract_sockets.patch +++ /dev/null @@ -1,96 +0,0 @@ ---- - src/core/ngx_connection.c | 10 +++++++++- - src/core/ngx_cycle.c | 7 ++++++- - src/core/ngx_inet.c | 17 +++++++++++++++++ - 3 files changed, 32 insertions(+), 2 deletions(-) - -diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c -index 33682532..b7b83225 100644 ---- a/src/core/ngx_connection.c -+++ b/src/core/ngx_connection.c -@@ -625,7 +625,12 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle) - - #if (NGX_HAVE_UNIX_DOMAIN) - -- if (ls[i].sockaddr->sa_family == AF_UNIX) { -+ if (ls[i].sockaddr->sa_family == AF_UNIX -+#if (NGX_LINUX) -+ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' -+#endif -+ ) -+ { - mode_t mode; - u_char *name; - -@@ -1069,6 +1074,9 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) - #if (NGX_HAVE_UNIX_DOMAIN) - - if (ls[i].sockaddr->sa_family == AF_UNIX -+#if (NGX_LINUX) -+ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' -+#endif - && ngx_process <= NGX_PROCESS_MASTER - && ngx_new_binary == 0) - { -diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c -index f3ac24d7..143149fa 100644 ---- a/src/core/ngx_cycle.c -+++ b/src/core/ngx_cycle.c -@@ -709,7 +709,12 @@ old_shm_zone_done: - - #if (NGX_HAVE_UNIX_DOMAIN) - -- if (ls[i].sockaddr->sa_family == AF_UNIX) { -+ if (ls[i].sockaddr->sa_family == AF_UNIX -+#if (NGX_LINUX) -+ && ls[i].addr_text.data[sizeof("unix:") - 1] != '@' -+#endif -+ ) -+ { - u_char *name; - - name = ls[i].addr_text.data + sizeof("unix:") - 1; -diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c -index db48b93c..52a2d62e 100644 ---- a/src/core/ngx_inet.c -+++ b/src/core/ngx_inet.c -@@ -242,6 +242,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, - if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)) { - p = ngx_snprintf(text, len, "unix:%Z"); - -+ } else if (saun->sun_path[0] == '\0') { -+ p = ngx_snprintf(text, len, "unix:@%s%Z", &saun->sun_path[1]); -+ - } else { - n = ngx_strnlen((u_char *) saun->sun_path, - socklen - offsetof(struct sockaddr_un, sun_path)); -@@ -744,6 +747,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) - saun->sun_family = AF_UNIX; - (void) ngx_cpystrn((u_char *) saun->sun_path, path, len); - -+#if (NGX_LINUX) -+ if (path[0] == '@') { -+ saun->sun_path[0] = '\0'; -+ u->socklen = sizeof(sa_family_t) + strlen(path); -+ } -+#endif -+ - u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); - if (u->addrs == NULL) { - return NGX_ERROR; -@@ -765,6 +775,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) - u->addrs[0].name.len = len + 4; - u->addrs[0].name.data = u->url.data; - -+#if (NGX_LINUX) -+ if (path[0] == '@') { -+ saun->sun_path[0] = '\0'; -+ u->addrs[0].socklen = sizeof(sa_family_t) + strlen(path); -+ } -+#endif -+ - return NGX_OK; - - #else --- -2.17.1 diff --git a/patches/nginx-1.13.6-linux_abstract_sockets.patch b/patches/nginx-1.17.1-linux_abstract_sockets.patch similarity index 81% rename from patches/nginx-1.13.6-linux_abstract_sockets.patch rename to patches/nginx-1.17.1-linux_abstract_sockets.patch index b79ea16..d188e64 100644 --- a/patches/nginx-1.13.6-linux_abstract_sockets.patch +++ b/patches/nginx-1.17.1-linux_abstract_sockets.patch @@ -1,9 +1,3 @@ ---- - src/core/ngx_connection.c | 10 +++++++++- - src/core/ngx_cycle.c | 7 ++++++- - src/core/ngx_inet.c | 17 +++++++++++++++++ - 3 files changed, 32 insertions(+), 2 deletions(-) - diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c index 33682532..b7b83225 100644 --- a/src/core/ngx_connection.c @@ -33,7 +27,7 @@ index 33682532..b7b83225 100644 && ngx_new_binary == 0) { diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c -index f3ac24d7..143149fa 100644 +index 95f4bdfa..94f243d2 100644 --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c @@ -709,7 +709,12 @@ old_shm_zone_done: @@ -51,10 +45,10 @@ index f3ac24d7..143149fa 100644 name = ls[i].addr_text.data + sizeof("unix:") - 1; diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c -index db48b93c..52a2d62e 100644 +index 4228504a..2d0bd68f 100644 --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c -@@ -242,6 +242,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, +@@ -244,6 +244,9 @@ ngx_sock_ntop(struct sockaddr *sa, socklen_t socklen, u_char *text, size_t len, if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)) { p = ngx_snprintf(text, len, "unix:%Z"); @@ -64,33 +58,31 @@ index db48b93c..52a2d62e 100644 } else { n = ngx_strnlen((u_char *) saun->sun_path, socklen - offsetof(struct sockaddr_un, sun_path)); -@@ -744,6 +747,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) +@@ -746,6 +749,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) saun->sun_family = AF_UNIX; (void) ngx_cpystrn((u_char *) saun->sun_path, path, len); +#if (NGX_LINUX) + if (path[0] == '@') { + saun->sun_path[0] = '\0'; -+ u->socklen = sizeof(sa_family_t) + strlen(path); ++ u->socklen = sizeof(sa_family_t) + len - 1; + } +#endif + u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); if (u->addrs == NULL) { return NGX_ERROR; -@@ -765,6 +775,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) +@@ -767,6 +777,13 @@ ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u) u->addrs[0].name.len = len + 4; u->addrs[0].name.data = u->url.data; +#if (NGX_LINUX) + if (path[0] == '@') { + saun->sun_path[0] = '\0'; -+ u->addrs[0].socklen = sizeof(sa_family_t) + strlen(path); ++ u->addrs[0].socklen = sizeof(sa_family_t) + len - 1; + } +#endif + return NGX_OK; #else --- -2.17.1 diff --git a/util/mirror-tarballs b/util/mirror-tarballs index 7f7f3f8..2e7f3de 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -394,7 +394,7 @@ if [ "$answer" = "N" ]; then echo fi -answer=`$root/util/ver-ge "$main_ver" 1.13.6` +answer=`$root/util/ver-ge "$main_ver" 1.17.1` if [ "$answer" = "Y" ]; then echo "$info_txt applying the linux_abstract_sockets patch for nginx" patch -p1 < $root/patches/nginx-$main_ver-linux_abstract_sockets.patch || exit 1