NGINX R19 Javascript bug with keyval maps

classic Classic list List threaded Threaded
4 messages Options
xrd
Reply | Threaded
Open this post in threaded view
|

NGINX R19 Javascript bug with keyval maps

xrd
The new R19 introduces "type=ip" keyval maps.

Posting IP addresses (e.g., 1.2.3.4) seems to work from both, the API 5 REST
calls and from Javascript, except IPv6 addresses are not accepted.

Posting CIDR blocks (e.g., 1.2.3.0/24) works fine via the API 5 REST calls
but not via Javascript. CIDR entries will not show up in the map at all.

I am trying to feed a banlist into a map which used to be a "geo" directive.
This is done by a Javascript function because deleting the map and uploading
it again would cause a time of the map being empty.
Consistently, all CIDR ranges fail.

My keyval map definition:

    keyval_zone zone=banned:32m timeout=7d type=ip sync
state=/var/run/nginx/state/banned.json;
    keyval $custom_addr $map_bannedIP zone=banned;

As the placement of regular IP addresses also failed after a while, I tested
the function with this Javascript test handler set up as js_content handler
for a location:

function admin_mapBanned(r) {
    var v = r.variables;
    var here = "adminMapBanned";

    var n = 0;
    for (var a = 1; a < 240; a++) {
        for (var b = 1; b < 255; b++) {
            for (var c = 1; c < 255; c++) {
                for (var d = 1; d < 255; d++) {
                    n++;
                    var addr = "" + a + "." + b + "." + c + "." + d;
                    v.custom_addr = addr;
                    v.map_bannedIP = "1";
                    r.log("bannedIP[" + n + "]: " + addr + " => " + v.map_bannedIP);
                    if (!v.map_bannedIP) {
                        r.return(200);
                        return;
                    }
                }
            }
        }
    }
}

The results with different keyval zone sizes:
- 1m => 2964 entries
- 2m => 6000 entries
- 4m => 12032 entries
- 8m => 24128 entries
- 16m => 48304 entries
- 32m => 96704 entries

In consequence, this means a keyval map uses almost 350 bytes to store an IP
address and the value of "1". Wow! I would have expected this to be much
lower in memory consumption. Anyway, knowing this, I can at least reliably
feed IPv4 addresses now.

Please fix the Javascript issue with IPv6 and CIDR notations.

Thanks!
--j.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285542,285542#msg-285542

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
xrd
Reply | Threaded
Open this post in threaded view
|

Re: NGINX R19 Javascript bug with keyval maps

xrd
A little correction to my earlier message: IPv6 addresses also seem to work.
In my test, I was checking for a dot in the key, and that excluded IPv6
addresses.

However, CIDR ranges still fail.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285542,285543#msg-285543

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: NGINX R19 Javascript bug with keyval maps

Maxim Konovalov
Hello.

On 04/09/2019 06:20, j94305 wrote:
> A little correction to my earlier message: IPv6 addresses also seem to work.
> In my test, I was checking for a dot in the key, and that excluded IPv6
> addresses.
>
> However, CIDR ranges still fail.
>
Please approach nginx-plus support with this issue.

--
Maxim Konovalov
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
xrd
Reply | Threaded
Open this post in threaded view
|

Re: NGINX R19 Javascript bug with keyval maps

xrd
I did. They said it works as designed as keyval maps with type=ip have no
option to retrieve the status of entries other than by supplying IP
addresses. Values cannot be retrieved anymore if the key needs to be a CIDR
block.

I am doing a workaround now.

--j.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285542,285598#msg-285598

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx