1*4882a593SmuzhiyunFrom 8ea5218b07f715e9616a846bf305633ef1b3aa2a Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Fabrice Fontaine <fontaine.fabrice@gmail.com> 3*4882a593SmuzhiyunDate: Sat, 14 Aug 2021 11:46:08 +0200 4*4882a593SmuzhiyunSubject: [PATCH] naxsi_src/naxsi_runtime.c: fix build without x_forwarded_for 5*4882a593Smuzhiyun 6*4882a593Smuzhiyunx_forwarded_for is not available if realip, geo, geoip or proxy modules 7*4882a593Smuzhiyunaren't enabled resulting in the following build failure since version 8*4882a593Smuzhiyun1.1a and 9*4882a593Smuzhiyunhttps://github.com/nbs-system/naxsi/commit/07a056ccd36bc3c5c40dc17991db226cb8cf6241: 10*4882a593Smuzhiyun 11*4882a593Smuzhiyun/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_data_parse': 12*4882a593Smuzhiyun/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:2846:20: error: 'ngx_http_headers_in_t' has no member named 'x_forwarded_for' 13*4882a593Smuzhiyun if (r->headers_in.x_forwarded_for.nelts >= 1) { 14*4882a593Smuzhiyun ^ 15*4882a593Smuzhiyun 16*4882a593SmuzhiyunFixes: 17*4882a593Smuzhiyun - http://autobuild.buildroot.org/results/cdbc1536f6b5de3d4c836efa2f0dcaf0cdbb1462 18*4882a593Smuzhiyun 19*4882a593SmuzhiyunSigned-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 20*4882a593Smuzhiyun[Upstream status: https://github.com/nbs-system/naxsi/pull/568] 21*4882a593Smuzhiyun--- 22*4882a593Smuzhiyun naxsi_src/naxsi_runtime.c | 7 ++++++- 23*4882a593Smuzhiyun 1 file changed, 6 insertions(+), 1 deletion(-) 24*4882a593Smuzhiyun 25*4882a593Smuzhiyundiff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c 26*4882a593Smuzhiyunindex 28e0b29..6a723d2 100644 27*4882a593Smuzhiyun--- a/naxsi_src/naxsi_runtime.c 28*4882a593Smuzhiyun+++ b/naxsi_src/naxsi_runtime.c 29*4882a593Smuzhiyun@@ -2842,10 +2842,12 @@ ngx_http_naxsi_data_parse(ngx_http_request_ctx_t* ctx, ngx_http_request_t* r) 30*4882a593Smuzhiyun unsigned int n = 0; 31*4882a593Smuzhiyun ngx_table_elt_t** h = NULL; 32*4882a593Smuzhiyun ngx_array_t a; 33*4882a593Smuzhiyun+#if (NGX_HTTP_X_FORWARDED_FOR) 34*4882a593Smuzhiyun if (r->headers_in.x_forwarded_for.nelts >= 1) { 35*4882a593Smuzhiyun a = r->headers_in.x_forwarded_for; 36*4882a593Smuzhiyun n = a.nelts; 37*4882a593Smuzhiyun } 38*4882a593Smuzhiyun+#endif 39*4882a593Smuzhiyun if (n >= 1) 40*4882a593Smuzhiyun h = a.elts; 41*4882a593Smuzhiyun if (n >= 1) { 42*4882a593Smuzhiyun@@ -2879,6 +2881,7 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx, 43*4882a593Smuzhiyun 44*4882a593Smuzhiyun /*cr, sc, cf, ctx*/ 45*4882a593Smuzhiyun if (cf->check_rules && ctx->special_scores) { 46*4882a593Smuzhiyun+#if (NGX_HTTP_X_FORWARDED_FOR) 47*4882a593Smuzhiyun if (r->headers_in.x_forwarded_for.nelts >= 1) { 48*4882a593Smuzhiyun a = r->headers_in.x_forwarded_for; 49*4882a593Smuzhiyun n = a.nelts; 50*4882a593Smuzhiyun@@ -2896,7 +2899,9 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx, 51*4882a593Smuzhiyun memcpy(ip.data, h[0]->value.data, ip.len); 52*4882a593Smuzhiyun ignore = nx_can_ignore_ip(&ip, cf) || nx_can_ignore_cidr(&ip, cf); 53*4882a593Smuzhiyun } 54*4882a593Smuzhiyun- } else { 55*4882a593Smuzhiyun+ } else 56*4882a593Smuzhiyun+#endif 57*4882a593Smuzhiyun+ { 58*4882a593Smuzhiyun ngx_str_t* ip = &r->connection->addr_text; 59*4882a593Smuzhiyun NX_DEBUG(_debug_whitelist_ignore, 60*4882a593Smuzhiyun NGX_LOG_DEBUG_HTTP, 61*4882a593Smuzhiyun-- 62*4882a593Smuzhiyun2.30.2 63*4882a593Smuzhiyun 64