2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 #include "AccessLogEntry.h"
12 #include "client_side.h"
13 #include "comm/Connection.h"
14 #include "error/Detail.h"
15 #include "errorpage.h"
17 #include "format/Format.h"
18 #include "format/Quoting.h"
19 #include "format/Token.h"
20 #include "http/Stream.h"
21 #include "HttpRequest.h"
23 #include "proxyp/Header.h"
25 #include "sbuf/Stream.h"
26 #include "sbuf/StringConvert.h"
27 #include "security/CertError.h"
28 #include "security/Certificate.h"
29 #include "security/NegotiationHistory.h"
33 #include "ssl/ErrorDetail.h"
34 #include "ssl/ServerBump.h"
37 /// Convert a string to NULL pointer if it is ""
// NOTE(review): this is a function-like macro, so the argument expression is
// expanded up to three times. An argument that is a getter call (as at the
// username()/getExtUser() call sites on this page) may be evaluated repeatedly.
// The result is NULL for a NULL or empty string, otherwise the original pointer.
38 #define strOrNull(s) ((s)==NULL||(s)[0]=='\0'?NULL:(s))
// Constant SBuf initialised to the one-character string "-".
// NOTE(review): presumably the placeholder for values that cannot be logged;
// confirm against the users of Format::Dash, none of which are shown here.
40 const SBuf
Format::Dash("-");
42 Format::Format::Format(const char *n
) :
49 Format::Format::~Format()
51 // erase the list without consuming stack space
53 // unlink the next entry for deletion
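/// Tokenizes the format definition text `def` into Token objects chained
/// through Token::next, with the head stored in `format`.
///
/// This is an excerpt: "[...]" marks places where the listing omits source
/// lines. Nothing has been reconstructed for those gaps.
///
/// \param def NUL-terminated definition text; its end is located with strlen().
Format::Format::parse(const char *def)
    // [...]
    const char *cur, *eos;
    Token *new_lt, *last_lt;
    // Quoting state for the whole definition: its address is passed to every
    // Token::parse() call below, so one token can change it for the next.
    enum Quoting quote = LOG_QUOTE_NONE;

    debugs(46, 2, "got definition '" << def << "'");
    // [...]
    debugs(46, DBG_IMPORTANT, "WARNING: existing format for '" << name << " " << def << "'");
    // [...]
    /* very inefficient parser, but who cares, this needs to be simple */
    /* First off, let's tokenize, we'll optimize in a second pass.
     * A token can either be a %-prefixed sequence (usually a dynamic
     * token but it can be an escaped sequence), or a string. */
    // [...]
    eos = def + strlen(def);
    // The first token becomes the list head; Token objects are heap-allocated.
    format = new_lt = last_lt = new Token;
    // Token::parse() returns how far to advance within the definition text.
    cur += new_lt->parse(cur, &quote);
    // [...]
    // Link the newly created token after the current tail.
    last_lt->next = new_lt;
    // [...]
    cur += new_lt->parse(cur, &quote);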
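/// Parses one logformat token from `token` and, when `ale` is set, appends the
/// formatted value of that token to `mb`.
///
/// This is an excerpt: "[...]" marks places where the listing omits source
/// lines. Nothing has been reconstructed for those gaps.
///
/// \param token text of the single token to parse
/// \param mb    buffer that receives the assembled output
/// \param ale   access log entry supplying the values; may be nil
/// \returns the size reported by the token parser, cast to size_t
Format::AssembleOne(const char *token, MemBuf &mb, const AccessLogEntryPointer &ale)
    // [...]
    enum Quoting quote = LOG_QUOTE_NONE;
    const auto tokenSize = tkn.parse(token, &quote);
    // A parse result that is not positive stops the process through assert().
    // NOTE(review): callers are presumably expected to pass only token text
    // that was validated earlier -- confirm, since this is not an error return.
    assert(tokenSize > 0);
    if (ale != nullptr) {
        Format fmt("SimpleToken");
        // [...]
        fmt.assemble(mb, ale, 0);
        // Detach the token list before `fmt` goes out of scope.
        // NOTE(review): presumably this keeps ~Format() from deleting `tkn`;
        // the line that attaches `tkn` to `fmt` is not shown in this excerpt.
        fmt.format = nullptr;
    // [...]
    return static_cast<size_t>(tokenSize);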
// Writes this format, and every format reachable through `next`, to `entry`
// as "<directiveName> <name> <tokens...>" text.
// This listing is an excerpt: the switch statements, `break`s, braces and some
// case labels are not shown, and nothing below reconstructs them.
// NOTE(review): `eol` is not used on any visible line; presumably it controls
// the final newline append -- confirm against the full source.
117 Format::Format::dump(StoreEntry
* entry
, const char *directiveName
, bool eol
) const
119 debugs(46, 4, MYNAME
);
121 // loop rather than recursing to conserve stack space.
122 for (const Format
*fmt
= this; fmt
; fmt
= fmt
->next
) {
123 debugs(46, 3, "Dumping format definition for " << fmt
->name
);
// Directive name and format name open each dumped definition.
125 storeAppendPrintf(entry
, "%s %s ", directiveName
, fmt
->name
);
// Walk the token list of this format.
127 for (Token
*t
= fmt
->format
; t
; t
= t
->next
) {
// Literal text tokens are written back unchanged through "%s".
128 if (t
->type
== LFT_STRING
)
129 storeAppendPrintf(entry
, "%s", t
->data
.string
);
// Local copy of the token type; the assignments further down replace it
// with another type code for some header tokens.
133 ByteCode_t type
= t
->type
;
141 case LFT_ADAPTATION_LAST_HEADER_ELEM
:
144 case LFT_ICAP_REQ_HEADER_ELEM
:
145 case LFT_ICAP_REP_HEADER_ELEM
:
147 case LFT_REQUEST_HEADER_ELEM
:
148 case LFT_ADAPTED_REQUEST_HEADER_ELEM
:
149 case LFT_REPLY_HEADER_ELEM
:
// Rebuild the "header:element" argument text. Both snprintf() calls are
// bounded by sizeof(argbuf), so an over-long argument is truncated instead of
// overrunning the buffer (argbuf's declaration is not shown in this excerpt).
// The separator is written out only when it is not ','.
151 if (t
->data
.header
.separator
!= ',')
152 snprintf(argbuf
, sizeof(argbuf
), "%s:%c%s", t
->data
.header
.header
, t
->data
.header
.separator
, t
->data
.header
.element
);
154 snprintf(argbuf
, sizeof(argbuf
), "%s:%s", t
->data
.header
.header
, t
->data
.header
.element
);
// Per-type selection of the type code used for output.
159 case LFT_REQUEST_HEADER_ELEM
:
160 type
= LFT_REQUEST_HEADER_ELEM
; // XXX: remove _ELEM?
162 case LFT_ADAPTED_REQUEST_HEADER_ELEM
:
163 type
= LFT_ADAPTED_REQUEST_HEADER_ELEM
; // XXX: remove _ELEM?
165 case LFT_REPLY_HEADER_ELEM
:
166 type
= LFT_REPLY_HEADER_ELEM
; // XXX: remove _ELEM?
169 case LFT_ADAPTATION_LAST_HEADER_ELEM
:
170 type
= LFT_ADAPTATION_LAST_HEADER
;
174 case LFT_ICAP_REQ_HEADER_ELEM
:
175 type
= LFT_ICAP_REQ_HEADER
;
177 case LFT_ICAP_REP_HEADER_ELEM
:
178 type
= LFT_ICAP_REP_HEADER
;
187 case LFT_REQUEST_ALL_HEADERS
:
188 case LFT_ADAPTED_REQUEST_ALL_HEADERS
:
189 case LFT_REPLY_ALL_HEADERS
:
192 case LFT_ADAPTATION_LAST_ALL_HEADERS
:
195 case LFT_ICAP_REQ_ALL_HEADERS
:
196 case LFT_ICAP_REP_ALL_HEADERS
:
// The *_ALL_HEADERS types are switched to the matching single-header type code.
200 case LFT_REQUEST_ALL_HEADERS
:
201 type
= LFT_REQUEST_HEADER
;
203 case LFT_ADAPTED_REQUEST_ALL_HEADERS
:
204 type
= LFT_ADAPTED_REQUEST_HEADER
;
206 case LFT_REPLY_ALL_HEADERS
:
207 type
= LFT_REPLY_HEADER
;
210 case LFT_ADAPTATION_LAST_ALL_HEADERS
:
211 type
= LFT_ADAPTATION_LAST_HEADER
;
215 case LFT_ICAP_REQ_ALL_HEADERS
:
216 type
= LFT_ICAP_REQ_HEADER
;
218 case LFT_ICAP_REP_ALL_HEADERS
:
219 type
= LFT_ICAP_REP_HEADER
;
// Here the token's string data serves as the argument text.
230 arg
= t
->data
.string
;
// A '%' is appended before the modifiers that follow.
235 entry
->append("%", 1);
// One marker character is appended per quoting mode. The case labels for the
// '#' and '\'' markers are not shown in this excerpt.
239 case LOG_QUOTE_QUOTES
:
240 entry
->append("\"", 1);
243 case LOG_QUOTE_MIMEBLOB
:
244 entry
->append("[", 1);
248 entry
->append("#", 1);
252 entry
->append("'", 1);
255 case LOG_QUOTE_SHELL
:
256 entry
->append("/", 1);
// "-" and "0" flag characters; the conditions guarding them are not shown.
264 entry
->append("-", 1);
267 entry
->append("0", 1);
// Width modifiers are written only when set (a negative value means unset here).
269 if (t
->widthMin
>= 0)
270 storeAppendPrintf(entry
, "%d", t
->widthMin
);
272 if (t
->widthMax
>= 0)
273 storeAppendPrintf(entry
, ".%d", t
->widthMax
);
// Argument in braces, then the token label.
276 storeAppendPrintf(entry
, "{%s}", arg
);
278 storeAppendPrintf(entry
, "%s", t
->label
);
281 entry
->append(" ", 1);
286 entry
->append("\n", 1);
// Helper behind the LOG_QUOTE_QUOTES quoting mode: Format::assemble calls it
// as log_quoted_string(out, newout). Only the signature and the first
// statement of the body appear in this excerpt.
// NOTE(review): there is no output-size parameter, so the bound on `out` is
// entirely the caller's responsibility. The call site on this page computes
// strlen(out) * 2 + 1 and allocates that many bytes when the result is at
// least sizeof(tmp); keep that sizing in step with any change to the escaping.
292 log_quoted_string(const char *str
, char *out
)
// Length of the leading run of `str` that contains none of: double quote,
// backslash, CR, LF, TAB. strcspn() returns size_t, which is narrowed to int here.
297 int l
= strcspn(str
, "\"\\\r\n\t");
344 /// XXX: Misnamed. TODO: Split <h (and this function) to distinguish received
345 /// headers from sent headers rather than failing to distinguish requests from responses.
346 /// \retval HttpReply sent to the HTTP client (access.log and default context).
347 /// \retval HttpReply received (encapsulated) from the ICAP server (icap.log context).
348 /// \retval HttpRequest received (encapsulated) from the ICAP server (icap.log context).
// `al` is dereferenced without a nil check, so callers must pass a set entry.
// The return statement is not shown in this excerpt. Callers on this page test
// the returned pointer before using it.
349 static const Http::Message
*
350 actualReplyHeader(const AccessLogEntry::Pointer
&al
)
// Start from the reply recorded in the log entry.
352 const Http::Message
*msg
= al
->reply
.getRaw();
354 // al->icap.reqMethod is methodNone in access.log context
// With no reply and an ICAP REQMOD transaction, fall back to the adapted request.
355 if (!msg
&& al
->icap
.reqMethod
== Adaptation::methodReqmod
)
356 msg
= al
->adapted_request
;
361 /// XXX: Misnamed. See actualReplyHeader().
362 /// \return HttpRequest or HttpReply for %http::>h.
// `al` is dereferenced without a nil check, so callers must pass a set entry.
// Only the RESPMOD test is visible in this excerpt. What is returned in either
// branch is not shown. Callers on this page test the result before using it.
363 static const Http::Message
*
364 actualRequestHeader(const AccessLogEntry::Pointer
&al
)
367 // al->icap.reqMethod is methodNone in access.log context
368 if (al
->icap
.reqMethod
== Adaptation::methodRespmod
) {
369 // XXX: for now AccessLogEntry lacks virgin response headers
377 Format::Format::assemble(MemBuf
&mb
, const AccessLogEntry::Pointer
&al
, int logSequenceNumber
) const
379 static char tmp
[1024];
382 for (Token
*fmt
= format
; fmt
; fmt
= fmt
->next
) { /* for each token */
383 const char *out
= nullptr;
390 struct timeval outtv
= {};
393 bool doUint64
= false;
394 uint64_t outUint64
= 0;
403 out
= fmt
->data
.string
;
406 case LFT_CLIENT_IP_ADDRESS
:
407 al
->getLogClientIp(tmp
, sizeof(tmp
));
411 case LFT_CLIENT_FQDN
:
412 out
= al
->getLogClientFqdn(tmp
, sizeof(tmp
));
415 case LFT_CLIENT_PORT
:
417 outint
= al
->request
->client_addr
.port();
419 } else if (al
->tcpClient
) {
420 outint
= al
->tcpClient
->remote
.port();
427 // TODO make the ACL checklist have a direct link to any TCP details.
428 if (al
->request
&& al
->request
->clientConnectionManager
.valid() &&
429 al
->request
->clientConnectionManager
->clientConnection
) {
430 const auto &conn
= al
->request
->clientConnectionManager
->clientConnection
;
431 if (conn
->remote
.isIPv4())
432 conn
->remoteEui48
.encode(tmp
, sizeof(tmp
));
434 conn
->remoteEui64
.encode(tmp
, sizeof(tmp
));
440 case LFT_EXT_ACL_CLIENT_EUI48
:
442 if (al
->request
&& al
->request
->clientConnectionManager
.valid() &&
443 al
->request
->clientConnectionManager
->clientConnection
&&
444 al
->request
->clientConnectionManager
->clientConnection
->remote
.isIPv4()) {
445 al
->request
->clientConnectionManager
->clientConnection
->remoteEui48
.encode(tmp
, sizeof(tmp
));
451 case LFT_EXT_ACL_CLIENT_EUI64
:
453 if (al
->request
&& al
->request
->clientConnectionManager
.valid() &&
454 al
->request
->clientConnectionManager
->clientConnection
&&
455 !al
->request
->clientConnectionManager
->clientConnection
->remote
.isIPv4()) {
456 al
->request
->clientConnectionManager
->clientConnection
->remoteEui64
.encode(tmp
, sizeof(tmp
));
462 case LFT_SERVER_IP_ADDRESS
:
463 if (al
->hier
.tcpServer
)
464 out
= al
->hier
.tcpServer
->remote
.toStr(tmp
, sizeof(tmp
));
467 case LFT_SERVER_FQDN_OR_PEER_NAME
:
471 case LFT_SERVER_PORT
:
472 if (al
->hier
.tcpServer
) {
473 outint
= al
->hier
.tcpServer
->remote
.port();
478 case LFT_LOCAL_LISTENING_IP
:
479 if (const auto addr
= FindListeningPortAddress(nullptr, al
.getRaw()))
480 out
= addr
->toStr(tmp
, sizeof(tmp
));
483 case LFT_CLIENT_LOCAL_IP
:
485 out
= al
->tcpClient
->local
.toStr(tmp
, sizeof(tmp
));
488 case LFT_CLIENT_LOCAL_TOS
:
490 sb
.appendf("0x%x", static_cast<uint32_t>(al
->tcpClient
->tos
));
495 case LFT_TRANSPORT_CLIENT_CONNECTION_ID
:
497 outUint64
= al
->tcpClient
->id
.value
;
502 case LFT_CLIENT_LOCAL_NFMARK
:
504 sb
.appendf("0x%x", al
->tcpClient
->nfmark
);
509 case LFT_LOCAL_LISTENING_PORT
:
510 if (const auto port
= FindListeningPortNumber(nullptr, al
.getRaw())) {
516 case LFT_CLIENT_LOCAL_PORT
:
518 outint
= al
->tcpClient
->local
.port();
523 case LFT_SERVER_LOCAL_IP_OLD_27
:
524 case LFT_SERVER_LOCAL_IP
:
525 if (al
->hier
.tcpServer
)
526 out
= al
->hier
.tcpServer
->local
.toStr(tmp
, sizeof(tmp
));
529 case LFT_SERVER_LOCAL_PORT
:
530 if (al
->hier
.tcpServer
) {
531 outint
= al
->hier
.tcpServer
->local
.port();
536 case LFT_SERVER_LOCAL_TOS
:
537 if (al
->hier
.tcpServer
) {
538 sb
.appendf("0x%x", static_cast<uint32_t>(al
->hier
.tcpServer
->tos
));
543 case LFT_SERVER_LOCAL_NFMARK
:
544 if (al
->hier
.tcpServer
) {
545 sb
.appendf("0x%x", al
->hier
.tcpServer
->nfmark
);
550 case LFT_CLIENT_HANDSHAKE
:
551 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
552 const auto &handshake
= al
->request
->clientConnectionManager
->preservedClientData
;
553 if (const auto rawLength
= handshake
.length()) {
554 // add 1 byte to optimize the c_str() conversion below
555 char *buf
= sb
.rawAppendStart(base64_encode_len(rawLength
) + 1);
557 struct base64_encode_ctx ctx
;
558 base64_encode_init(&ctx
);
559 auto encLength
= base64_encode_update(&ctx
, buf
, rawLength
, reinterpret_cast<const uint8_t*>(handshake
.rawContent()));
560 encLength
+= base64_encode_final(&ctx
, buf
+ encLength
);
562 sb
.rawAppendFinish(buf
, encLength
);
568 case LFT_TIME_SECONDS_SINCE_EPOCH
:
569 // some platforms store time in 32-bit, some 64-bit...
570 outoff
= static_cast<int64_t>(current_time
.tv_sec
);
574 case LFT_TIME_SUBSECOND
:
575 outint
= current_time
.tv_usec
/ fmt
->divisor
;
579 case LFT_TIME_LOCALTIME
:
583 spec
= fmt
->data
.string
;
585 if (fmt
->type
== LFT_TIME_LOCALTIME
) {
587 spec
= "%d/%b/%Y:%H:%M:%S %z";
588 t
= localtime(&squid_curtime
);
591 spec
= "%d/%b/%Y:%H:%M:%S";
593 t
= gmtime(&squid_curtime
);
596 strftime(tmp
, sizeof(tmp
), spec
, t
);
602 outtv
= al
->cache
.start_time
;
606 case LFT_TIME_TO_HANDLE_REQUEST
:
607 outtv
= al
->cache
.trTime
;
611 case LFT_PEER_RESPONSE_TIME
:
612 struct timeval peerResponseTime
;
613 if (al
->hier
.peerResponseTime(peerResponseTime
)) {
614 outtv
= peerResponseTime
;
619 case LFT_TOTAL_SERVER_SIDE_RESPONSE_TIME
: {
620 struct timeval totalResponseTime
;
621 if (al
->hier
.totalResponseTime(totalResponseTime
)) {
622 outtv
= totalResponseTime
;
628 case LFT_DNS_WAIT_TIME
:
629 if (al
->request
&& al
->request
->dnsWait
>= 0) {
630 // TODO: microsecond precision for dns wait time.
631 // Convert milliseconds to timeval struct:
632 outtv
.tv_sec
= al
->request
->dnsWait
/ 1000;
633 outtv
.tv_usec
= (al
->request
->dnsWait
% 1000) * 1000;
638 case LFT_REQUEST_HEADER
:
639 if (const Http::Message
*msg
= actualRequestHeader(al
)) {
640 sb
= StringToSBuf(msg
->header
.getByName(fmt
->data
.header
.header
));
646 case LFT_ADAPTED_REQUEST_HEADER
:
647 if (al
->adapted_request
) {
648 sb
= StringToSBuf(al
->adapted_request
->header
.getByName(fmt
->data
.header
.header
));
654 case LFT_REPLY_HEADER
:
655 if (const Http::Message
*msg
= actualReplyHeader(al
)) {
656 sb
= StringToSBuf(msg
->header
.getByName(fmt
->data
.header
.header
));
663 case LFT_ADAPTATION_SUM_XACT_TIMES
:
665 Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
667 ah
->sumLogString(fmt
->data
.string
, sb
);
673 case LFT_ADAPTATION_ALL_XACT_TIMES
:
675 Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
677 ah
->allLogString(fmt
->data
.string
, sb
);
683 case LFT_ADAPTATION_LAST_HEADER
:
685 const Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
686 if (ah
) { // XXX: add adapt::<all_h but use lastMeta here
687 sb
= StringToSBuf(ah
->allMeta
.getByName(fmt
->data
.header
.header
));
694 case LFT_ADAPTATION_LAST_HEADER_ELEM
:
696 const Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
697 if (ah
) { // XXX: add adapt::<all_h but use lastMeta here
698 sb
= ah
->allMeta
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
705 case LFT_ADAPTATION_LAST_ALL_HEADERS
:
706 out
= al
->adapt
.last_meta
;
713 out
= al
->icap
.hostAddr
.toStr(tmp
, sizeof(tmp
));
716 case LFT_ICAP_SERV_NAME
:
717 out
= al
->icap
.serviceName
.termedBuf();
720 case LFT_ICAP_REQUEST_URI
:
721 out
= al
->icap
.reqUri
.termedBuf();
724 case LFT_ICAP_REQUEST_METHOD
:
725 out
= Adaptation::Icap::ICAP::methodStr(al
->icap
.reqMethod
);
728 case LFT_ICAP_BYTES_SENT
:
729 outoff
= al
->icap
.bytesSent
;
733 case LFT_ICAP_BYTES_READ
:
734 outoff
= al
->icap
.bytesRead
;
738 case LFT_ICAP_BODY_BYTES_READ
:
739 if (al
->icap
.bodyBytesRead
>= 0) {
740 outoff
= al
->icap
.bodyBytesRead
;
743 // else if icap.bodyBytesRead < 0, we do not have any http data,
744 // so just print a "-" (204 responses etc)
747 case LFT_ICAP_REQ_HEADER
:
748 if (al
->icap
.request
) {
749 sb
= StringToSBuf(al
->icap
.request
->header
.getByName(fmt
->data
.header
.header
));
755 case LFT_ICAP_REQ_HEADER_ELEM
:
756 if (al
->icap
.request
) {
757 sb
= al
->icap
.request
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
763 case LFT_ICAP_REQ_ALL_HEADERS
:
764 if (al
->icap
.request
) {
765 HttpHeaderPos pos
= HttpHeaderInitPos
;
766 while (const HttpHeaderEntry
*e
= al
->icap
.request
->header
.getEntry(&pos
)) {
769 sb
.append(StringToSBuf(e
->value
));
777 case LFT_ICAP_REP_HEADER
:
778 if (al
->icap
.reply
) {
779 sb
= StringToSBuf(al
->icap
.reply
->header
.getByName(fmt
->data
.header
.header
));
785 case LFT_ICAP_REP_HEADER_ELEM
:
786 if (al
->icap
.reply
) {
787 sb
= al
->icap
.reply
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
793 case LFT_ICAP_REP_ALL_HEADERS
:
794 if (al
->icap
.reply
) {
795 HttpHeaderPos pos
= HttpHeaderInitPos
;
796 while (const HttpHeaderEntry
*e
= al
->icap
.reply
->header
.getEntry(&pos
)) {
799 sb
.append(StringToSBuf(e
->value
));
807 case LFT_ICAP_TR_RESPONSE_TIME
:
808 outtv
= al
->icap
.trTime
;
812 case LFT_ICAP_IO_TIME
:
813 outtv
= al
->icap
.ioTime
;
817 case LFT_ICAP_STATUS_CODE
:
818 outint
= al
->icap
.resStatus
;
822 case LFT_ICAP_OUTCOME
:
823 out
= al
->icap
.outcome
;
826 case LFT_ICAP_TOTAL_TIME
:
827 outtv
= al
->icap
.processingTime
;
831 case LFT_REQUEST_HEADER_ELEM
:
832 if (const Http::Message
*msg
= actualRequestHeader(al
)) {
833 sb
= msg
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
839 case LFT_PROXY_PROTOCOL_RECEIVED_HEADER
:
840 if (al
->proxyProtocolHeader
) {
841 sb
= al
->proxyProtocolHeader
->getValues(fmt
->data
.headerId
, fmt
->data
.header
.separator
);
847 case LFT_PROXY_PROTOCOL_RECEIVED_ALL_HEADERS
:
848 if (al
->proxyProtocolHeader
) {
849 sb
= al
->proxyProtocolHeader
->toMime();
855 case LFT_PROXY_PROTOCOL_RECEIVED_HEADER_ELEM
:
856 if (al
->proxyProtocolHeader
) {
857 sb
= al
->proxyProtocolHeader
->getElem(fmt
->data
.headerId
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
863 case LFT_ADAPTED_REQUEST_HEADER_ELEM
:
864 if (al
->adapted_request
) {
865 sb
= al
->adapted_request
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
871 case LFT_REPLY_HEADER_ELEM
:
872 if (const Http::Message
*msg
= actualReplyHeader(al
)) {
873 sb
= msg
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
879 case LFT_REQUEST_ALL_HEADERS
:
881 if (al
->icap
.reqMethod
== Adaptation::methodRespmod
) {
882 // XXX: since AccessLogEntry::Headers lacks virgin response
883 // headers, do nothing for now
888 // just headers without start-line and CRLF
889 // XXX: reconcile with '<h'
890 out
= al
->headers
.request
;
895 case LFT_ADAPTED_REQUEST_ALL_HEADERS
:
896 // just headers without start-line and CRLF
897 // XXX: reconcile with '<h'
898 out
= al
->headers
.adapted_request
;
902 case LFT_REPLY_ALL_HEADERS
: {
905 // status-line + headers + CRLF
906 // XXX: reconcile with '>h' and '>ha'
907 al
->packReplyHeaders(allHeaders
);
908 sb
.assign(allHeaders
.content(), allHeaders
.contentSize());
911 if (!out
&& al
->icap
.reqMethod
== Adaptation::methodReqmod
)
912 out
= al
->headers
.adapted_request
;
920 if (al
->request
&& al
->request
->auth_user_request
)
921 out
= strOrNull(al
->request
->auth_user_request
->username());
923 if (!out
&& al
->request
&& al
->request
->extacl_user
.size()) {
924 if (const char *t
= al
->request
->extacl_user
.termedBuf())
928 out
= strOrNull(al
->getExtUser());
931 out
= strOrNull(al
->cache
.ssluser
);
934 out
= strOrNull(al
->getClientIdent());
939 if (al
->request
&& al
->request
->auth_user_request
)
940 out
= strOrNull(al
->request
->auth_user_request
->username());
945 out
= strOrNull(al
->getClientIdent());
948 case LFT_USER_EXTERNAL
:
949 out
= strOrNull(al
->getExtUser());
952 /* case LFT_USER_REALM: */
953 /* case LFT_USER_SCHEME: */
955 // the fmt->type can not be LFT_HTTP_SENT_STATUS_CODE_OLD_30
956 // but compiler complains if omitted
957 case LFT_HTTP_SENT_STATUS_CODE_OLD_30
:
958 case LFT_HTTP_SENT_STATUS_CODE
:
959 outint
= al
->http
.code
;
963 case LFT_HTTP_RECEIVED_STATUS_CODE
:
964 if (al
->hier
.peer_reply_status
!= Http::scNone
) {
965 outint
= al
->hier
.peer_reply_status
;
969 /* case LFT_HTTP_STATUS:
970 * out = statusline->text;
974 case LFT_HTTP_BODY_BYTES_READ
:
975 if (al
->hier
.bodyBytesRead
>= 0) {
976 outoff
= al
->hier
.bodyBytesRead
;
979 // else if hier.bodyBytesRead < 0 we did not have any data exchange with
980 // a peer server so just print a "-" (eg requests served from cache,
981 // or internal error messages).
984 case LFT_SQUID_STATUS
:
985 out
= al
->cache
.code
.c_str();
988 case LFT_SQUID_ERROR
:
989 if (const auto error
= al
->error())
990 out
= errorPageName(error
->category
);
993 case LFT_SQUID_ERROR_DETAIL
:
994 if (const auto error
= al
->error()) {
995 if (const auto detail
= error
->detail
) {
996 sb
= detail
->brief();
1002 case LFT_SQUID_HIERARCHY
:
1003 if (al
->hier
.ping
.timedout
)
1004 mb
.append("TIMEOUT_", 8);
1005 out
= hier_code_str
[al
->hier
.code
];
1009 out
= al
->http
.content_type
;
1012 case LFT_CLIENT_REQ_METHOD
:
1014 sb
= al
->request
->method
.image();
1020 case LFT_CLIENT_REQ_URI
:
1021 if (const auto uri
= al
->effectiveVirginUrl()) {
1028 case LFT_CLIENT_REQ_URLSCHEME
:
1030 sb
= al
->request
->url
.getScheme().image();
1036 case LFT_CLIENT_REQ_URLDOMAIN
:
1038 out
= al
->request
->url
.host();
1043 case LFT_CLIENT_REQ_URLPORT
:
1045 outint
= al
->request
->url
.port();
1050 case LFT_REQUEST_URLPATH_OLD_31
:
1051 case LFT_CLIENT_REQ_URLPATH
:
1053 sb
= al
->request
->url
.path();
1059 case LFT_CLIENT_REQ_VERSION
:
1061 sb
.appendf("%u.%u", al
->request
->http_ver
.major
, al
->request
->http_ver
.minor
);
1066 case LFT_REQUEST_METHOD
:
1067 if (al
->hasLogMethod()) {
1068 sb
= al
->getLogMethod();
1074 case LFT_REQUEST_URI
:
1075 if (!al
->url
.isEmpty()) {
1081 case LFT_REQUEST_VERSION_OLD_2X
:
1082 case LFT_REQUEST_VERSION
:
1083 sb
.appendf("%u.%u", al
->http
.version
.major
, al
->http
.version
.minor
);
1087 case LFT_SERVER_REQ_METHOD
:
1088 if (al
->adapted_request
) {
1089 sb
= al
->adapted_request
->method
.image();
1095 case LFT_SERVER_REQ_URI
:
1096 // adapted request URI sent to server/peer
1097 if (al
->adapted_request
) {
1098 sb
= al
->adapted_request
->effectiveRequestUri();
1104 case LFT_SERVER_REQ_URLSCHEME
:
1105 if (al
->adapted_request
) {
1106 sb
= al
->adapted_request
->url
.getScheme().image();
1112 case LFT_SERVER_REQ_URLDOMAIN
:
1113 if (al
->adapted_request
) {
1114 out
= al
->adapted_request
->url
.host();
1119 case LFT_SERVER_REQ_URLPORT
:
1120 if (al
->adapted_request
) {
1121 outint
= al
->adapted_request
->url
.port();
1126 case LFT_SERVER_REQ_URLPATH
:
1127 if (al
->adapted_request
) {
1128 sb
= al
->adapted_request
->url
.path();
1134 case LFT_SERVER_REQ_VERSION
:
1135 if (al
->adapted_request
) {
1137 al
->adapted_request
->http_ver
.major
,
1138 al
->adapted_request
->http_ver
.minor
);
1143 case LFT_CLIENT_REQUEST_SIZE_TOTAL
:
1144 outoff
= al
->http
.clientRequestSz
.messageTotal();
1148 case LFT_CLIENT_REQUEST_SIZE_HEADERS
:
1149 outoff
= al
->http
.clientRequestSz
.header
;
1153 /*case LFT_REQUEST_SIZE_BODY: */
1154 /*case LFT_REQUEST_SIZE_BODY_NO_TE: */
1156 case LFT_ADAPTED_REPLY_SIZE_TOTAL
:
1157 outoff
= al
->http
.clientReplySz
.messageTotal();
1161 case LFT_REPLY_HIGHOFFSET
:
1162 outoff
= al
->cache
.highOffset
;
1166 case LFT_REPLY_OBJECTSIZE
:
1167 outoff
= al
->cache
.objectSize
;
1171 case LFT_ADAPTED_REPLY_SIZE_HEADERS
:
1172 outint
= al
->http
.clientReplySz
.header
;
1176 /*case LFT_REPLY_SIZE_BODY: */
1177 /*case LFT_REPLY_SIZE_BODY_NO_TE: */
1179 case LFT_CLIENT_IO_SIZE_TOTAL
:
1180 outint
= al
->http
.clientRequestSz
.messageTotal() + al
->http
.clientReplySz
.messageTotal();
1183 /*case LFT_SERVER_IO_SIZE_TOTAL: */
1187 out
= al
->request
->tag
.termedBuf();
1194 out
= al
->request
->extacl_log
.termedBuf();
1199 case LFT_SEQUENCE_NUMBER
:
1200 outoff
= logSequenceNumber
;
1205 case LFT_SSL_BUMP_MODE
: {
1206 const Ssl::BumpMode mode
= static_cast<Ssl::BumpMode
>(al
->ssl
.bumpMode
);
1207 // for Ssl::bumpEnd, Ssl::bumpMode() returns NULL and we log '-'
1208 out
= Ssl::bumpMode(mode
);
1212 case LFT_EXT_ACL_USER_CERT_RAW
:
1214 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1215 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1216 if (const auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get()) {
1217 sb
= sslGetUserCertificatePEM(ssl
);
1224 case LFT_EXT_ACL_USER_CERTCHAIN_RAW
:
1226 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1227 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1228 if (const auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get()) {
1229 sb
= sslGetUserCertificatePEM(ssl
);
1236 case LFT_EXT_ACL_USER_CERT
:
1238 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1239 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1240 if (auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get())
1241 out
= sslGetUserAttribute(ssl
, fmt
->data
.header
.header
);
1246 case LFT_EXT_ACL_USER_CA_CERT
:
1248 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1249 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1250 if (auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get())
1251 out
= sslGetCAAttribute(ssl
, fmt
->data
.header
.header
);
1256 case LFT_SSL_USER_CERT_SUBJECT
:
1257 if (const auto &cert
= al
->cache
.sslClientCert
) {
1258 sb
= Security::SubjectName(*cert
);
1263 case LFT_SSL_USER_CERT_ISSUER
:
1264 if (const auto &cert
= al
->cache
.sslClientCert
) {
1265 sb
= Security::IssuerName(*cert
);
1270 case LFT_SSL_CLIENT_SNI
:
1271 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
1272 if (const ConnStateData
*conn
= al
->request
->clientConnectionManager
.get()) {
1273 if (!conn
->tlsClientSni().isEmpty()) {
1274 sb
= conn
->tlsClientSni();
1281 case LFT_SSL_SERVER_CERT_ERRORS
:
1282 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
1283 if (Ssl::ServerBump
* srvBump
= al
->request
->clientConnectionManager
->serverBump()) {
1284 const char *separator
= fmt
->data
.string
? fmt
->data
.string
: ":";
1285 for (const Security::CertErrors
*sslError
= srvBump
->sslErrors(); sslError
; sslError
= sslError
->next
) {
1287 sb
.append(separator
);
1288 sb
.append(Ssl::GetErrorName(sslError
->element
.code
, true));
1289 if (sslError
->element
.depth
>= 0)
1290 sb
.appendf("@depth=%d", sslError
->element
.depth
);
1298 case LFT_SSL_SERVER_CERT_ISSUER
:
1299 case LFT_SSL_SERVER_CERT_SUBJECT
:
1300 case LFT_SSL_SERVER_CERT_WHOLE
:
1301 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
1302 if (Ssl::ServerBump
* srvBump
= al
->request
->clientConnectionManager
->serverBump()) {
1303 if (X509
*serverCert
= srvBump
->serverCert
.get()) {
1304 if (fmt
->type
== LFT_SSL_SERVER_CERT_SUBJECT
)
1305 out
= Ssl::GetX509UserAttribute(serverCert
, "DN");
1306 else if (fmt
->type
== LFT_SSL_SERVER_CERT_ISSUER
)
1307 out
= Ssl::GetX509CAAttribute(serverCert
, "DN");
1309 assert(fmt
->type
== LFT_SSL_SERVER_CERT_WHOLE
);
1310 sb
= Ssl::GetX509PEM(serverCert
);
1319 case LFT_TLS_CLIENT_NEGOTIATED_VERSION
:
1320 if (al
->tcpClient
&& al
->tcpClient
->hasTlsNegotiations())
1321 out
= al
->tcpClient
->hasTlsNegotiations()->negotiatedVersion();
1324 case LFT_TLS_SERVER_NEGOTIATED_VERSION
:
1325 if (al
->hier
.tcpServer
&& al
->hier
.tcpServer
->hasTlsNegotiations())
1326 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->negotiatedVersion();
1329 case LFT_TLS_CLIENT_RECEIVED_HELLO_VERSION
:
1330 if (al
->tcpClient
&& al
->tcpClient
->hasTlsNegotiations())
1331 out
= al
->tcpClient
->hasTlsNegotiations()->helloVersion();
1334 case LFT_TLS_SERVER_RECEIVED_HELLO_VERSION
:
1335 if (al
->hier
.tcpServer
&& al
->hier
.tcpServer
->hasTlsNegotiations())
1336 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->helloVersion();
1339 case LFT_TLS_CLIENT_SUPPORTED_VERSION
:
1340 if (al
->tcpClient
&& al
->tcpClient
->hasTlsNegotiations())
1341 out
= al
->tcpClient
->hasTlsNegotiations()->supportedVersion();
1344 case LFT_TLS_SERVER_SUPPORTED_VERSION
:
1345 if (al
->hier
.tcpServer
&& al
->hier
.tcpServer
->hasTlsNegotiations())
1346 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->supportedVersion();
1349 case LFT_TLS_CLIENT_NEGOTIATED_CIPHER
:
1350 if (al
->tcpClient
&& al
->tcpClient
->hasTlsNegotiations())
1351 out
= al
->tcpClient
->hasTlsNegotiations()->cipherName();
1354 case LFT_TLS_SERVER_NEGOTIATED_CIPHER
:
1355 if (al
->hier
.tcpServer
&& al
->hier
.tcpServer
->hasTlsNegotiations())
1356 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->cipherName();
1360 case LFT_REQUEST_URLGROUP_OLD_2X
:
1361 assert(LFT_REQUEST_URLGROUP_OLD_2X
== 0); // should never happen.
1365 tmp
[0] = fmt
->data
.header
.separator
;
1367 if (fmt
->data
.header
.header
&& *fmt
->data
.header
.header
) {
1368 const char *separator
= tmp
;
1371 Adaptation::History::Pointer ah
= al
->request
? al
->request
->adaptHistory() : Adaptation::History::Pointer();
1372 if (ah
&& ah
->metaHeaders
) {
1373 if (ah
->metaHeaders
->find(note
, fmt
->data
.header
.header
, separator
))
1378 if (al
->notes
->find(note
, fmt
->data
.header
.header
, separator
)) {
1380 sb
.append(separator
);
1387 // if no argument given use default "\r\n" as notes separator
1388 const char *separator
= fmt
->data
.string
? tmp
: "\r\n";
1390 Adaptation::History::Pointer ah
= al
->request
? al
->request
->adaptHistory() : Adaptation::History::Pointer();
1391 if (ah
&& ah
->metaHeaders
&& !ah
->metaHeaders
->empty())
1392 sb
.append(ah
->metaHeaders
->toString(separator
));
1394 if (al
->notes
&& !al
->notes
->empty())
1395 sb
.append(al
->notes
->toString(separator
));
1402 case LFT_CREDENTIALS
:
1404 if (al
->request
&& al
->request
->auth_user_request
)
1405 out
= strOrNull(al
->request
->auth_user_request
->credentialsStr());
1413 case LFT_EXT_ACL_NAME
:
1414 out
= al
->lastAclName
;
1417 case LFT_EXT_ACL_DATA
:
1418 if (!al
->lastAclData
.isEmpty())
1419 out
= al
->lastAclData
.c_str();
1422 case LFT_MASTER_XACTION
:
1425 outUint64
= static_cast<uint64_t>(al
->request
->masterXaction
->id
.value
);
1431 sb
.appendf("%0*" PRId64
, fmt
->zero
&& fmt
->widthMin
>= 0 ? fmt
->widthMin
: 0, outoff
);
1435 sb
.appendf("%0*ld", fmt
->zero
&& fmt
->widthMin
>= 0 ? fmt
->widthMin
: 0, outint
);
1437 } else if (doUint64
) {
1438 sb
.appendf("%0*" PRIu64
, fmt
->zero
&& fmt
->widthMin
>= 0 ? fmt
->widthMin
: 0, outUint64
);
1440 } else if (doMsec
) {
1441 if (fmt
->widthMax
< 0) {
1442 sb
.appendf("%0*ld", fmt
->zero
&& fmt
->widthMin
>= 0 ? fmt
->widthMin
: 0, tvToMsec(outtv
));
1444 int precision
= fmt
->widthMax
;
1445 sb
.appendf("%0*" PRId64
".%0*" PRId64
"", fmt
->zero
&& (fmt
->widthMin
- precision
- 1 >= 0) ? fmt
->widthMin
- precision
- 1 : 0, static_cast<int64_t>(outtv
.tv_sec
* 1000 + outtv
.tv_usec
/ 1000), precision
, static_cast<int64_t>((outtv
.tv_usec
% 1000 )* (1000 / fmt
->divisor
)));
1449 int precision
= fmt
->widthMax
>=0 ? fmt
->widthMax
:3;
1450 sb
.appendf("%0*" PRId64
".%0*d", fmt
->zero
&& (fmt
->widthMin
- precision
- 1 >= 0) ? fmt
->widthMin
- precision
- 1 : 0, static_cast<int64_t>(outtv
.tv_sec
), precision
, (int)(outtv
.tv_usec
/ fmt
->divisor
));
1455 if (quote
|| fmt
->quote
!= LOG_QUOTE_NONE
) {
1456 // Do not write to the tmp buffer because it may contain the to-be-quoted value.
1457 static char quotedOut
[2 * sizeof(tmp
)];
1458 static_assert(sizeof(quotedOut
) > 0, "quotedOut has zero length");
1459 quotedOut
[0] = '\0';
1461 char *newout
= nullptr;
1464 switch (fmt
->quote
) {
1466 case LOG_QUOTE_NONE
:
1467 newout
= rfc1738_escape_unescaped(out
);
1470 case LOG_QUOTE_QUOTES
: {
1471 size_t out_len
= static_cast<size_t>(strlen(out
)) * 2 + 1;
1472 if (out_len
>= sizeof(tmp
)) {
1473 newout
= (char *)xmalloc(out_len
);
1477 log_quoted_string(out
, newout
);
1481 case LOG_QUOTE_MIMEBLOB
:
1482 newout
= QuoteMimeBlob(out
);
1487 newout
= rfc1738_escape(out
);
1490 case LOG_QUOTE_SHELL
: {
1493 strwordquote(&mbq
, out
);
1494 newout
= mbq
.content();
1514 // enforce width limits if configured
1515 const bool haveMaxWidth
= fmt
->widthMax
>=0 && !doint
&& !dooff
&& !doMsec
&& !doSec
&& !doUint64
;
1516 if (haveMaxWidth
|| fmt
->widthMin
) {
1517 const int minWidth
= fmt
->widthMin
>= 0 ?
1519 const int maxWidth
= haveMaxWidth
?
1520 fmt
->widthMax
: strlen(out
);
1523 mb
.appendf("%-*.*s", minWidth
, maxWidth
, out
);
1525 mb
.appendf("%*.*s", minWidth
, maxWidth
, out
);
1527 mb
.append(out
, strlen(out
));