From b48c8718bf9b135368c8c9eb969db5dce6e0ed35 Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Tue, 19 Nov 2019 11:30:41 +0300
Subject: [PATCH] Limit conn: limit_conn_dry_run directive.

A new directive limit_conn_dry_run allows enabling the dry run mode.  In this
mode connections are not rejected, but reject status is logged as usual.
---
 src/http/modules/ngx_http_limit_conn_module.c | 24 ++++++++++++++++++-
 src/stream/ngx_stream_limit_conn_module.c     | 24 ++++++++++++++++++-
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/src/http/modules/ngx_http_limit_conn_module.c b/src/http/modules/ngx_http_limit_conn_module.c
index 913d59934..b6be73238 100644
--- a/src/http/modules/ngx_http_limit_conn_module.c
+++ b/src/http/modules/ngx_http_limit_conn_module.c
@@ -40,6 +40,7 @@ typedef struct {
     ngx_array_t                limits;
     ngx_uint_t                 log_level;
     ngx_uint_t                 status_code;
+    ngx_flag_t                 dry_run;
 } ngx_http_limit_conn_conf_t;
 
 
@@ -102,6 +103,13 @@ static ngx_command_t  ngx_http_limit_conn_commands[] = {
       offsetof(ngx_http_limit_conn_conf_t, status_code),
       &ngx_http_limit_conn_status_bounds },
 
+    { ngx_string("limit_conn_dry_run"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_limit_conn_conf_t, dry_run),
+      NULL },
+
       ngx_null_command
 };
 
@@ -200,6 +208,11 @@ ngx_http_limit_conn_handler(ngx_http_request_t *r)
             if (node == NULL) {
                 ngx_shmtx_unlock(&shpool->mutex);
                 ngx_http_limit_conn_cleanup_all(r->pool);
+
+                if (lccf->dry_run) {
+                    return NGX_DECLINED;
+                }
+
                 return lccf->status_code;
             }
 
@@ -221,10 +234,16 @@ ngx_http_limit_conn_handler(ngx_http_request_t *r)
                 ngx_shmtx_unlock(&shpool->mutex);
 
                 ngx_log_error(lccf->log_level, r->connection->log, 0,
-                              "limiting connections by zone \"%V\"",
+                              "limiting connections%s by zone \"%V\"",
+                              lccf->dry_run ? ", dry run," : "",
                               &limits[i].shm_zone->shm.name);
 
                 ngx_http_limit_conn_cleanup_all(r->pool);
+
+                if (lccf->dry_run) {
+                    return NGX_DECLINED;
+                }
+
                 return lccf->status_code;
             }
 
@@ -466,6 +485,7 @@ ngx_http_limit_conn_create_conf(ngx_conf_t *cf)
 
     conf->log_level = NGX_CONF_UNSET_UINT;
     conf->status_code = NGX_CONF_UNSET_UINT;
+    conf->dry_run = NGX_CONF_UNSET;
 
     return conf;
 }
@@ -485,6 +505,8 @@ ngx_http_limit_conn_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_uint_value(conf->status_code, prev->status_code,
                               NGX_HTTP_SERVICE_UNAVAILABLE);
 
+    ngx_conf_merge_value(conf->dry_run, prev->dry_run, 0);
+
     return NGX_CONF_OK;
 }
 
diff --git a/src/stream/ngx_stream_limit_conn_module.c b/src/stream/ngx_stream_limit_conn_module.c
index b64a426c6..ebeaecf3e 100644
--- a/src/stream/ngx_stream_limit_conn_module.c
+++ b/src/stream/ngx_stream_limit_conn_module.c
@@ -39,6 +39,7 @@ typedef struct {
 typedef struct {
     ngx_array_t                  limits;
     ngx_uint_t                   log_level;
+    ngx_flag_t                   dry_run;
 } ngx_stream_limit_conn_conf_t;
 
 
@@ -89,6 +90,13 @@ static ngx_command_t  ngx_stream_limit_conn_commands[] = {
       offsetof(ngx_stream_limit_conn_conf_t, log_level),
       &ngx_stream_limit_conn_log_levels },
 
+    { ngx_string("limit_conn_dry_run"),
+      NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_STREAM_SRV_CONF_OFFSET,
+      offsetof(ngx_stream_limit_conn_conf_t, dry_run),
+      NULL },
+
       ngx_null_command
 };
 
@@ -178,6 +186,11 @@ ngx_stream_limit_conn_handler(ngx_stream_session_t *s)
             if (node == NULL) {
                 ngx_shmtx_unlock(&shpool->mutex);
                 ngx_stream_limit_conn_cleanup_all(s->connection->pool);
+
+                if (lccf->dry_run) {
+                    return NGX_DECLINED;
+                }
+
                 return NGX_STREAM_SERVICE_UNAVAILABLE;
             }
 
@@ -199,10 +212,16 @@ ngx_stream_limit_conn_handler(ngx_stream_session_t *s)
                 ngx_shmtx_unlock(&shpool->mutex);
 
                 ngx_log_error(lccf->log_level, s->connection->log, 0,
-                              "limiting connections by zone \"%V\"",
+                              "limiting connections%s by zone \"%V\"",
+                              lccf->dry_run ? ", dry run," : "",
                               &limits[i].shm_zone->shm.name);
 
                 ngx_stream_limit_conn_cleanup_all(s->connection->pool);
+
+                if (lccf->dry_run) {
+                    return NGX_DECLINED;
+                }
+
                 return NGX_STREAM_SERVICE_UNAVAILABLE;
             }
 
@@ -444,6 +463,7 @@ ngx_stream_limit_conn_create_conf(ngx_conf_t *cf)
      */
 
     conf->log_level = NGX_CONF_UNSET_UINT;
+    conf->dry_run = NGX_CONF_UNSET;
 
     return conf;
 }
@@ -461,6 +481,8 @@ ngx_stream_limit_conn_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 
     ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR);
 
+    ngx_conf_merge_value(conf->dry_run, prev->dry_run, 0);
+
     return NGX_CONF_OK;
 }