shankerwangmiao · October 11, 2023 04:15
diff --git a/nginx-ip-transp.patch b/nginx-ip-transp.patch
 diff --git a/auto/unix b/auto/unix
 index 43d3b25..2b229f7 100644
 --- a/auto/unix
 +++ b/auto/unix
 @@ -312,6 +312,17 @@ ngx_feature_test="cpu_set_t mask;
 . auto/feature
 
 
 +ngx_feature="IP_TRANSPARENT"
 +ngx_feature_name="NGX_HAVE_TRANSPARENT"
 +ngx_feature_run=no
 +ngx_feature_incs="#include <sys/socket.h>
 +                  #include <netinet/in.h>"
 +ngx_feature_path=
 +ngx_feature_libs=
 +ngx_feature_test="setsockopt(0, SOL_IP, IP_TRANSPARENT, NULL, 0)"
 +. auto/feature
 +
 +
 ngx_feature="SO_SETFIB"
 ngx_feature_name="NGX_HAVE_SETFIB"
 ngx_feature_run=no
 diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
 index 3368253..55661e3 100644
 --- a/src/core/ngx_connection.c
 +++ b/src/core/ngx_connection.c
 @@ -560,6 +560,25 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
             }
 #endif
 
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +
 +	    if (ls[i].transparent) {
 +	        int  transparent;
 +
 +		transparent = (ls[i].transparent == 1);
 +
 +		if (setsockopt(s, SOL_IP, IP_TRANSPARENT,
 +                               (const void *) &transparent, sizeof(int))
 +                    == -1)
 +		{
 +		    ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
 +                                  "setsockopt(IP_TRANSPARENT) for %V failed, "
 +				  "ignored",
 +                                  &ls[i].addr_text);
 +		}
 +	    }
 +#endif
 +
 #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
 
             if (ls[i].sockaddr->sa_family == AF_INET6) {
 diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h
 index 5405962..9055f96 100644
 --- a/src/core/ngx_connection.h
 +++ b/src/core/ngx_connection.h
 @@ -90,6 +90,10 @@ struct ngx_listening_s {
     int                 fastopen;
 #endif
 
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +    unsigned            transparent:1;
 +#endif
 +
 };
 
 
 diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c
 index 4364240..2b0ae95 100644
 --- a/src/event/ngx_event_accept.c
 +++ b/src/event/ngx_event_accept.c
 @@ -212,8 +212,21 @@ ngx_event_accept(ngx_event_t *ev)
 
         c->socklen = socklen;
         c->listening = ls;
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +        if(ls->transparent) {
 +            c->local_sockaddr = NULL;
 +            c->local_socklen = 0;
 +            if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) {
 +                ngx_close_accepted_connection(c);
 +                return;
 +            }
 +        }else{
 +#endif
         c->local_sockaddr = ls->sockaddr;
         c->local_socklen = ls->socklen;
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +        }
 +#endif
 
 #if (NGX_HAVE_UNIX_DOMAIN)
         if (c->sockaddr->sa_family == AF_UNIX) {
 diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c
 index 5e20226..b274e91 100644
 --- a/src/http/ngx_http.c
 +++ b/src/http/ngx_http.c
 @@ -1738,6 +1738,11 @@ ngx_http_add_listening(ngx_conf_t *cf, ngx_http_conf_addr_t *addr)
     ls->sndbuf = addr->opt.sndbuf;
 
     ls->keepalive = addr->opt.so_keepalive;
 +
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +    ls->transparent = addr->opt.transparent;
 +#endif
 +
 #if (NGX_HAVE_KEEPALIVE_TUNABLE)
     ls->keepidle = addr->opt.tcp_keepidle;
     ls->keepintvl = addr->opt.tcp_keepintvl;
 diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
 index c57ec00..97d9a48 100644
 --- a/src/http/ngx_http_core_module.c
 +++ b/src/http/ngx_http_core_module.c
 @@ -3913,6 +3913,18 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
             continue;
         }
 
 +	if (ngx_strcmp(value[n].data, "transparent") == 0) {
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +	    lsopt.transparent = 1;
 +#else
 +            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 +	                       "transparent mode is not supported "
 +			       "on this platform, ignored",
 +			       &value[n]);
 +#endif
 +	    continue;
 +	}
 +
         if (ngx_strncmp(value[n].data, "ipv6only=o", 10) == 0) {
 #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
             struct sockaddr  *sa;
 diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
 index 4c6da7c..a77e609 100644
 --- a/src/http/ngx_http_core_module.h
 +++ b/src/http/ngx_http_core_module.h
 @@ -81,6 +81,9 @@ typedef struct {
     unsigned                   reuseport:1;
     unsigned                   so_keepalive:2;
     unsigned                   proxy_protocol:1;
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +    unsigned                   transparent:1;
 +#endif
 
     int                        backlog;
     int                        rcvbuf;
 diff --git a/src/stream/ngx_stream.c b/src/stream/ngx_stream.c
 index 4abe387..4bd8a5e 100644
 --- a/src/stream/ngx_stream.c
 +++ b/src/stream/ngx_stream.c
 @@ -500,6 +500,11 @@ ngx_stream_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports)
             ls->wildcard = addr[i].opt.wildcard;
 
             ls->keepalive = addr[i].opt.so_keepalive;
 +
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +            ls->transparent = addr[i].opt.transparent;
 +#endif
 +
 #if (NGX_HAVE_KEEPALIVE_TUNABLE)
             ls->keepidle = addr[i].opt.tcp_keepidle;
             ls->keepintvl = addr[i].opt.tcp_keepintvl;
 diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
 index 09d2459..a7baddd 100644
 --- a/src/stream/ngx_stream.h
 +++ b/src/stream/ngx_stream.h
 @@ -56,6 +56,9 @@ typedef struct {
     unsigned                       reuseport:1;
     unsigned                       so_keepalive:2;
     unsigned                       proxy_protocol:1;
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +    unsigned                       transparent:1;
 +#endif
 #if (NGX_HAVE_KEEPALIVE_TUNABLE)
     int                            tcp_keepidle;
     int                            tcp_keepintvl;
 diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c
 index 96e7c9a..b767807 100644
 --- a/src/stream/ngx_stream_core_module.c
 +++ b/src/stream/ngx_stream_core_module.c
 @@ -617,6 +617,10 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     ls->ipv6only = 1;
 #endif
 
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +    ls->transparent = 0;
 +#endif
 +
     backlog = 0;
 
     for (i = 2; i < cf->args->nelts; i++) {
 @@ -679,6 +683,17 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
             continue;
         }
 +        if (ngx_strcmp(value[i].data, "transparent") == 0) {
 +#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
 +            ls->transparent = 1;
 +#else
 +            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 +                               "transparent mode is not supported "
 +                               "on this platform, ignored",
 +                               &value[i]);
 +#endif
 +            continue;
 +        }
 
         if (ngx_strncmp(value[i].data, "ipv6only=o", 10) == 0) {
 #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
	diff --git a/auto/unix b/auto/unix
	index 43d3b25..2b229f7 100644
	--- a/auto/unix
	+++ b/auto/unix
	@@ -312,6 +312,17 @@ ngx_feature_test="cpu_set_t mask;
	. auto/feature


	+ngx_feature="IP_TRANSPARENT"
	+ngx_feature_name="NGX_HAVE_TRANSPARENT"
	+ngx_feature_run=no
	+ngx_feature_incs="#include <sys/socket.h>
	+ #include <netinet/in.h>"
	+ngx_feature_path=
	+ngx_feature_libs=
	+ngx_feature_test="setsockopt(0, SOL_IP, IP_TRANSPARENT, NULL, 0)"
	+. auto/feature
	+
	+
	ngx_feature="SO_SETFIB"
	ngx_feature_name="NGX_HAVE_SETFIB"
	ngx_feature_run=no
	diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
	index 3368253..55661e3 100644
	--- a/src/core/ngx_connection.c
	+++ b/src/core/ngx_connection.c
	@@ -560,6 +560,25 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
	}
	#endif

	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+
	+ if (ls[i].transparent) {
	+ int transparent;
	+
	+ transparent = (ls[i].transparent == 1);
	+
	+ if (setsockopt(s, SOL_IP, IP_TRANSPARENT,
	+ (const void *) &transparent, sizeof(int))
	+ == -1)
	+ {
	+ ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
	+ "setsockopt(IP_TRANSPARENT) for %V failed, "
	+ "ignored",
	+ &ls[i].addr_text);
	+ }
	+ }
	+#endif
	+
	#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)

	if (ls[i].sockaddr->sa_family == AF_INET6) {
	diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h
	index 5405962..9055f96 100644
	--- a/src/core/ngx_connection.h
	+++ b/src/core/ngx_connection.h
	@@ -90,6 +90,10 @@ struct ngx_listening_s {
	int fastopen;
	#endif

	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ unsigned transparent:1;
	+#endif
	+
	};


	diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c
	index 4364240..2b0ae95 100644
	--- a/src/event/ngx_event_accept.c
	+++ b/src/event/ngx_event_accept.c
	@@ -212,8 +212,21 @@ ngx_event_accept(ngx_event_t *ev)

	c->socklen = socklen;
	c->listening = ls;
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ if(ls->transparent) {
	+ c->local_sockaddr = NULL;
	+ c->local_socklen = 0;
	+ if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) {
	+ ngx_close_accepted_connection(c);
	+ return;
	+ }
	+ }else{
	+#endif
	c->local_sockaddr = ls->sockaddr;
	c->local_socklen = ls->socklen;
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ }
	+#endif

	#if (NGX_HAVE_UNIX_DOMAIN)
	if (c->sockaddr->sa_family == AF_UNIX) {
	diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c
	index 5e20226..b274e91 100644
	--- a/src/http/ngx_http.c
	+++ b/src/http/ngx_http.c
	@@ -1738,6 +1738,11 @@ ngx_http_add_listening(ngx_conf_t cf, ngx_http_conf_addr_t addr)
	ls->sndbuf = addr->opt.sndbuf;

	ls->keepalive = addr->opt.so_keepalive;
	+
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ ls->transparent = addr->opt.transparent;
	+#endif
	+
	#if (NGX_HAVE_KEEPALIVE_TUNABLE)
	ls->keepidle = addr->opt.tcp_keepidle;
	ls->keepintvl = addr->opt.tcp_keepintvl;
	diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
	index c57ec00..97d9a48 100644
	--- a/src/http/ngx_http_core_module.c
	+++ b/src/http/ngx_http_core_module.c
	@@ -3913,6 +3913,18 @@ ngx_http_core_listen(ngx_conf_t cf, ngx_command_t cmd, void *conf)
	continue;
	}

	+ if (ngx_strcmp(value[n].data, "transparent") == 0) {
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ lsopt.transparent = 1;
	+#else
	+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
	+ "transparent mode is not supported "
	+ "on this platform, ignored",
	+ &value[n]);
	+#endif
	+ continue;
	+ }
	+
	if (ngx_strncmp(value[n].data, "ipv6only=o", 10) == 0) {
	#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
	struct sockaddr *sa;
	diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
	index 4c6da7c..a77e609 100644
	--- a/src/http/ngx_http_core_module.h
	+++ b/src/http/ngx_http_core_module.h
	@@ -81,6 +81,9 @@ typedef struct {
	unsigned reuseport:1;
	unsigned so_keepalive:2;
	unsigned proxy_protocol:1;
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ unsigned transparent:1;
	+#endif

	int backlog;
	int rcvbuf;
	diff --git a/src/stream/ngx_stream.c b/src/stream/ngx_stream.c
	index 4abe387..4bd8a5e 100644
	--- a/src/stream/ngx_stream.c
	+++ b/src/stream/ngx_stream.c
	@@ -500,6 +500,11 @@ ngx_stream_optimize_servers(ngx_conf_t cf, ngx_array_t ports)
	ls->wildcard = addr[i].opt.wildcard;

	ls->keepalive = addr[i].opt.so_keepalive;
	+
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ ls->transparent = addr[i].opt.transparent;
	+#endif
	+
	#if (NGX_HAVE_KEEPALIVE_TUNABLE)
	ls->keepidle = addr[i].opt.tcp_keepidle;
	ls->keepintvl = addr[i].opt.tcp_keepintvl;
	diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
	index 09d2459..a7baddd 100644
	--- a/src/stream/ngx_stream.h
	+++ b/src/stream/ngx_stream.h
	@@ -56,6 +56,9 @@ typedef struct {
	unsigned reuseport:1;
	unsigned so_keepalive:2;
	unsigned proxy_protocol:1;
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ unsigned transparent:1;
	+#endif
	#if (NGX_HAVE_KEEPALIVE_TUNABLE)
	int tcp_keepidle;
	int tcp_keepintvl;
	diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c
	index 96e7c9a..b767807 100644
	--- a/src/stream/ngx_stream_core_module.c
	+++ b/src/stream/ngx_stream_core_module.c
	@@ -617,6 +617,10 @@ ngx_stream_core_listen(ngx_conf_t cf, ngx_command_t cmd, void *conf)
	ls->ipv6only = 1;
	#endif

	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ ls->transparent = 0;
	+#endif
	+
	backlog = 0;

	for (i = 2; i < cf->args->nelts; i++) {
	@@ -679,6 +683,17 @@ ngx_stream_core_listen(ngx_conf_t cf, ngx_command_t cmd, void *conf)

	continue;
	}
	+ if (ngx_strcmp(value[i].data, "transparent") == 0) {
	+#if (NGX_HAVE_TRANSPARENT && defined IP_TRANSPARENT)
	+ ls->transparent = 1;
	+#else
	+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
	+ "transparent mode is not supported "
	+ "on this platform, ignored",
	+ &value[i]);
	+#endif
	+ continue;
	+ }

	if (ngx_strncmp(value[i].data, "ipv6only=o", 10) == 0) {
	#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)