IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-29 02:11:21 -06:00
Code Issues Packages Projects Releases Wiki Activity

Limit conn: limit_conn_dry_run directive.

Browse Source 
A new directive limit_conn_dry_run allows enabling the dry run mode.  In this
mode connections are not rejected, but reject status is logged as usual.
This commit is contained in:
Roman Arutyunyan 2019-11-19 11:30:41 +03:00
parent 271b12c711
commit b48c8718bf
2 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/http/modules/ngx_http_limit_conn_module.c
View File

@ -40,6 +40,7 @@ typedef struct {
ngx_array_t limits; ngx_array_t limits;
ngx_uint_t log_level; ngx_uint_t log_level;
ngx_uint_t status_code; ngx_uint_t status_code;
ngx_flag_t dry_run;
} ngx_http_limit_conn_conf_t; } ngx_http_limit_conn_conf_t;
@ -102,6 +103,13 @@ static ngx_command_t ngx_http_limit_conn_commands[] = {
offsetof(ngx_http_limit_conn_conf_t, status_code), offsetof(ngx_http_limit_conn_conf_t, status_code),
&ngx_http_limit_conn_status_bounds }, &ngx_http_limit_conn_status_bounds },
{ ngx_string("limit_conn_dry_run"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_limit_conn_conf_t, dry_run),
NULL },
ngx_null_command ngx_null_command
}; };
@ -200,6 +208,11 @@ ngx_http_limit_conn_handler(ngx_http_request_t *r)
if (node == NULL) { if (node == NULL) {
ngx_shmtx_unlock(&shpool->mutex); ngx_shmtx_unlock(&shpool->mutex);
ngx_http_limit_conn_cleanup_all(r->pool); ngx_http_limit_conn_cleanup_all(r->pool);
if (lccf->dry_run) {
return NGX_DECLINED;
}
return lccf->status_code; return lccf->status_code;
} }
@ -221,10 +234,16 @@ ngx_http_limit_conn_handler(ngx_http_request_t *r)
ngx_shmtx_unlock(&shpool->mutex); ngx_shmtx_unlock(&shpool->mutex);
ngx_log_error(lccf->log_level, r->connection->log, 0, ngx_log_error(lccf->log_level, r->connection->log, 0,
"limiting connections by zone \"%V\"", "limiting connections%s by zone \"%V\"",
lccf->dry_run ? ", dry run," : "",
&limits[i].shm_zone->shm.name); &limits[i].shm_zone->shm.name);
ngx_http_limit_conn_cleanup_all(r->pool); ngx_http_limit_conn_cleanup_all(r->pool);
if (lccf->dry_run) {
return NGX_DECLINED;
}
return lccf->status_code; return lccf->status_code;
} }
@ -466,6 +485,7 @@ ngx_http_limit_conn_create_conf(ngx_conf_t *cf)
conf->log_level = NGX_CONF_UNSET_UINT; conf->log_level = NGX_CONF_UNSET_UINT;
conf->status_code = NGX_CONF_UNSET_UINT; conf->status_code = NGX_CONF_UNSET_UINT;
conf->dry_run = NGX_CONF_UNSET;
return conf; return conf;
} }
@ -485,6 +505,8 @@ ngx_http_limit_conn_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_uint_value(conf->status_code, prev->status_code, ngx_conf_merge_uint_value(conf->status_code, prev->status_code,
NGX_HTTP_SERVICE_UNAVAILABLE); NGX_HTTP_SERVICE_UNAVAILABLE);
ngx_conf_merge_value(conf->dry_run, prev->dry_run, 0);
return NGX_CONF_OK; return NGX_CONF_OK;
} }

24
src/stream/ngx_stream_limit_conn_module.c
View File

@ -39,6 +39,7 @@ typedef struct {
typedef struct { typedef struct {
ngx_array_t limits; ngx_array_t limits;
ngx_uint_t log_level; ngx_uint_t log_level;
ngx_flag_t dry_run;
} ngx_stream_limit_conn_conf_t; } ngx_stream_limit_conn_conf_t;
@ -89,6 +90,13 @@ static ngx_command_t ngx_stream_limit_conn_commands[] = {
offsetof(ngx_stream_limit_conn_conf_t, log_level), offsetof(ngx_stream_limit_conn_conf_t, log_level),
&ngx_stream_limit_conn_log_levels }, &ngx_stream_limit_conn_log_levels },
{ ngx_string("limit_conn_dry_run"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_limit_conn_conf_t, dry_run),
NULL },
ngx_null_command ngx_null_command
}; };
@ -178,6 +186,11 @@ ngx_stream_limit_conn_handler(ngx_stream_session_t *s)
if (node == NULL) { if (node == NULL) {
ngx_shmtx_unlock(&shpool->mutex); ngx_shmtx_unlock(&shpool->mutex);
ngx_stream_limit_conn_cleanup_all(s->connection->pool); ngx_stream_limit_conn_cleanup_all(s->connection->pool);
if (lccf->dry_run) {
return NGX_DECLINED;
}
return NGX_STREAM_SERVICE_UNAVAILABLE; return NGX_STREAM_SERVICE_UNAVAILABLE;
} }
@ -199,10 +212,16 @@ ngx_stream_limit_conn_handler(ngx_stream_session_t *s)
ngx_shmtx_unlock(&shpool->mutex); ngx_shmtx_unlock(&shpool->mutex);
ngx_log_error(lccf->log_level, s->connection->log, 0, ngx_log_error(lccf->log_level, s->connection->log, 0,
"limiting connections by zone \"%V\"", "limiting connections%s by zone \"%V\"",
lccf->dry_run ? ", dry run," : "",
&limits[i].shm_zone->shm.name); &limits[i].shm_zone->shm.name);
ngx_stream_limit_conn_cleanup_all(s->connection->pool); ngx_stream_limit_conn_cleanup_all(s->connection->pool);
if (lccf->dry_run) {
return NGX_DECLINED;
}
return NGX_STREAM_SERVICE_UNAVAILABLE; return NGX_STREAM_SERVICE_UNAVAILABLE;
} }
@ -444,6 +463,7 @@ ngx_stream_limit_conn_create_conf(ngx_conf_t *cf)
*/ */
conf->log_level = NGX_CONF_UNSET_UINT; conf->log_level = NGX_CONF_UNSET_UINT;
conf->dry_run = NGX_CONF_UNSET;
return conf; return conf;
} }
@ -461,6 +481,8 @@ ngx_stream_limit_conn_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR); ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR);
ngx_conf_merge_value(conf->dry_run, prev->dry_run, 0);
return NGX_CONF_OK; return NGX_CONF_OK;
} }