2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 #include "AccessLogEntry.h"
11 #include "client_side.h"
12 #include "comm/Connection.h"
13 #include "err_detail_type.h"
14 #include "errorpage.h"
16 #include "format/Format.h"
17 #include "format/Quoting.h"
18 #include "format/Token.h"
19 #include "fqdncache.h"
20 #include "http/Stream.h"
21 #include "HttpRequest.h"
24 #include "security/NegotiationHistory.h"
25 #include "SquidTime.h"
30 #include "ssl/ErrorDetail.h"
31 #include "ssl/ServerBump.h"
34 /// Convert a string to NULL pointer if it is ""
35 #define strOrNull(s) ((s)==NULL||(s)[0]=='\0'?NULL:(s))
37 Format::Format::Format(const char *n
) :
44 Format::Format::~Format()
46 // erase the list without consuming stack space
48 // unlink the next entry for deletion
61 Format::Format::parse(const char *def
)
63 const char *cur
, *eos
;
64 Token
*new_lt
, *last_lt
;
65 enum Quoting quote
= LOG_QUOTE_NONE
;
67 debugs(46, 2, HERE
<< "got definition '" << def
<< "'");
70 debugs(46, DBG_IMPORTANT
, "WARNING: existing format for '" << name
<< " " << def
<< "'");
74 /* very inefficent parser, but who cares, this needs to be simple */
75 /* First off, let's tokenize, we'll optimize in a second pass.
76 * A token can either be a %-prefixed sequence (usually a dynamic
77 * token but it can be an escaped sequence), or a string. */
79 eos
= def
+ strlen(def
);
80 format
= new_lt
= last_lt
= new Token
;
81 cur
+= new_lt
->parse(cur
, "e
);
85 last_lt
->next
= new_lt
;
87 cur
+= new_lt
->parse(cur
, "e
);
94 Format::Format::dump(StoreEntry
* entry
, const char *directiveName
, bool eol
) const
98 // loop rather than recursing to conserve stack space.
99 for (const Format
*fmt
= this; fmt
; fmt
= fmt
->next
) {
100 debugs(46, 3, HERE
<< "Dumping format definition for " << fmt
->name
);
102 storeAppendPrintf(entry
, "%s %s ", directiveName
, fmt
->name
);
104 for (Token
*t
= fmt
->format
; t
; t
= t
->next
) {
105 if (t
->type
== LFT_STRING
)
106 storeAppendPrintf(entry
, "%s", t
->data
.string
);
110 ByteCode_t type
= t
->type
;
118 case LFT_ADAPTATION_LAST_HEADER_ELEM
:
121 case LFT_ICAP_REQ_HEADER_ELEM
:
122 case LFT_ICAP_REP_HEADER_ELEM
:
124 case LFT_REQUEST_HEADER_ELEM
:
125 case LFT_ADAPTED_REQUEST_HEADER_ELEM
:
126 case LFT_REPLY_HEADER_ELEM
:
128 if (t
->data
.header
.separator
!= ',')
129 snprintf(argbuf
, sizeof(argbuf
), "%s:%c%s", t
->data
.header
.header
, t
->data
.header
.separator
, t
->data
.header
.element
);
131 snprintf(argbuf
, sizeof(argbuf
), "%s:%s", t
->data
.header
.header
, t
->data
.header
.element
);
136 case LFT_REQUEST_HEADER_ELEM
:
137 type
= LFT_REQUEST_HEADER_ELEM
; // XXX: remove _ELEM?
139 case LFT_ADAPTED_REQUEST_HEADER_ELEM
:
140 type
= LFT_ADAPTED_REQUEST_HEADER_ELEM
; // XXX: remove _ELEM?
142 case LFT_REPLY_HEADER_ELEM
:
143 type
= LFT_REPLY_HEADER_ELEM
; // XXX: remove _ELEM?
146 case LFT_ADAPTATION_LAST_HEADER_ELEM
:
147 type
= LFT_ADAPTATION_LAST_HEADER
;
151 case LFT_ICAP_REQ_HEADER_ELEM
:
152 type
= LFT_ICAP_REQ_HEADER
;
154 case LFT_ICAP_REP_HEADER_ELEM
:
155 type
= LFT_ICAP_REP_HEADER
;
164 case LFT_REQUEST_ALL_HEADERS
:
165 case LFT_ADAPTED_REQUEST_ALL_HEADERS
:
166 case LFT_REPLY_ALL_HEADERS
:
169 case LFT_ADAPTATION_LAST_ALL_HEADERS
:
172 case LFT_ICAP_REQ_ALL_HEADERS
:
173 case LFT_ICAP_REP_ALL_HEADERS
:
177 case LFT_REQUEST_ALL_HEADERS
:
178 type
= LFT_REQUEST_HEADER
;
180 case LFT_ADAPTED_REQUEST_ALL_HEADERS
:
181 type
= LFT_ADAPTED_REQUEST_HEADER
;
183 case LFT_REPLY_ALL_HEADERS
:
184 type
= LFT_REPLY_HEADER
;
187 case LFT_ADAPTATION_LAST_ALL_HEADERS
:
188 type
= LFT_ADAPTATION_LAST_HEADER
;
192 case LFT_ICAP_REQ_ALL_HEADERS
:
193 type
= LFT_ICAP_REQ_HEADER
;
195 case LFT_ICAP_REP_ALL_HEADERS
:
196 type
= LFT_ICAP_REP_HEADER
;
207 arg
= t
->data
.string
;
212 entry
->append("%", 1);
216 case LOG_QUOTE_QUOTES
:
217 entry
->append("\"", 1);
220 case LOG_QUOTE_MIMEBLOB
:
221 entry
->append("[", 1);
225 entry
->append("#", 1);
229 entry
->append("'", 1);
232 case LOG_QUOTE_SHELL
:
233 entry
->append("/", 1);
241 entry
->append("-", 1);
244 entry
->append("0", 1);
246 if (t
->widthMin
>= 0)
247 storeAppendPrintf(entry
, "%d", t
->widthMin
);
249 if (t
->widthMax
>= 0)
250 storeAppendPrintf(entry
, ".%d", t
->widthMax
);
253 storeAppendPrintf(entry
, "{%s}", arg
);
255 storeAppendPrintf(entry
, "%s", t
->label
);
258 entry
->append(" ", 1);
263 entry
->append("\n", 1);
269 log_quoted_string(const char *str
, char *out
)
274 int l
= strcspn(str
, "\"\\\r\n\t");
323 sslErrorName(Ssl::ssl_error_t err
, char *buf
, size_t size
)
325 snprintf(buf
, size
, "SSL_ERR=%d", err
);
331 Format::Format::assemble(MemBuf
&mb
, const AccessLogEntry::Pointer
&al
, int logSequenceNumber
) const
336 for (Token
*fmt
= format
; fmt
!= NULL
; fmt
= fmt
->next
) { /* for each token */
337 const char *out
= NULL
;
344 struct timeval outtv
= {0, 0};
355 out
= fmt
->data
.string
;
358 case LFT_CLIENT_IP_ADDRESS
:
359 al
->getLogClientIp(tmp
, sizeof(tmp
));
363 case LFT_CLIENT_FQDN
:
364 if (al
->cache
.caddr
.isAnyAddr()) // e.g., ICAP OPTIONS lack client
367 out
= fqdncache_gethostbyaddr(al
->cache
.caddr
, FQDN_LOOKUP_IF_MISS
);
369 out
= al
->cache
.caddr
.toStr(tmp
,1024);
374 case LFT_CLIENT_PORT
:
376 outint
= al
->request
->client_addr
.port();
383 // TODO make the ACL checklist have a direct link to any TCP details.
384 if (al
->request
&& al
->request
->clientConnectionManager
.valid() && al
->request
->clientConnectionManager
->clientConnection
!= NULL
) {
385 if (al
->request
->clientConnectionManager
->clientConnection
->remote
.isIPv4())
386 al
->request
->clientConnectionManager
->clientConnection
->remoteEui48
.encode(tmp
, 1024);
388 al
->request
->clientConnectionManager
->clientConnection
->remoteEui64
.encode(tmp
, 1024);
394 case LFT_EXT_ACL_CLIENT_EUI48
:
396 if (al
->request
&& al
->request
->clientConnectionManager
.valid() &&
397 al
->request
->clientConnectionManager
->clientConnection
!= NULL
&&
398 al
->request
->clientConnectionManager
->clientConnection
->remote
.isIPv4()) {
399 al
->request
->clientConnectionManager
->clientConnection
->remoteEui48
.encode(tmp
, 1024);
405 case LFT_EXT_ACL_CLIENT_EUI64
:
407 if (al
->request
&& al
->request
->clientConnectionManager
.valid() &&
408 al
->request
->clientConnectionManager
->clientConnection
!= NULL
&&
409 !al
->request
->clientConnectionManager
->clientConnection
->remote
.isIPv4()) {
410 al
->request
->clientConnectionManager
->clientConnection
->remoteEui64
.encode(tmp
, 1024);
416 case LFT_SERVER_IP_ADDRESS
:
417 if (al
->hier
.tcpServer
!= NULL
) {
418 out
= al
->hier
.tcpServer
->remote
.toStr(tmp
,sizeof(tmp
));
422 case LFT_SERVER_FQDN_OR_PEER_NAME
:
426 case LFT_SERVER_PORT
:
427 if (al
->hier
.tcpServer
!= NULL
) {
428 outint
= al
->hier
.tcpServer
->remote
.port();
433 case LFT_LOCAL_LISTENING_IP
: {
434 // avoid logging a dash if we have reliable info
435 const bool interceptedAtKnownPort
= al
->request
?
436 (al
->request
->flags
.interceptTproxy
||
437 al
->request
->flags
.intercepted
) && al
->cache
.port
!= NULL
:
439 if (interceptedAtKnownPort
) {
440 const bool portAddressConfigured
= !al
->cache
.port
->s
.isAnyAddr();
441 if (portAddressConfigured
)
442 out
= al
->cache
.port
->s
.toStr(tmp
, sizeof(tmp
));
443 } else if (al
->tcpClient
!= NULL
)
444 out
= al
->tcpClient
->local
.toStr(tmp
, sizeof(tmp
));
448 case LFT_CLIENT_LOCAL_IP
:
449 if (al
->tcpClient
!= NULL
) {
450 out
= al
->tcpClient
->local
.toStr(tmp
,sizeof(tmp
));
454 case LFT_CLIENT_LOCAL_TOS
:
455 if (al
->tcpClient
!= NULL
) {
456 snprintf(tmp
, sizeof(tmp
), "0x%x", (uint32_t)al
->tcpClient
->tos
);
461 case LFT_CLIENT_LOCAL_NFMARK
:
462 if (al
->tcpClient
!= NULL
) {
463 snprintf(tmp
, sizeof(tmp
), "0x%x", al
->tcpClient
->nfmark
);
468 case LFT_LOCAL_LISTENING_PORT
:
469 if (al
->cache
.port
!= NULL
) {
470 outint
= al
->cache
.port
->s
.port();
472 } else if (al
->request
) {
473 outint
= al
->request
->my_addr
.port();
478 case LFT_CLIENT_LOCAL_PORT
:
479 if (al
->tcpClient
!= NULL
) {
480 outint
= al
->tcpClient
->local
.port();
485 case LFT_SERVER_LOCAL_IP_OLD_27
:
486 case LFT_SERVER_LOCAL_IP
:
487 if (al
->hier
.tcpServer
!= NULL
) {
488 out
= al
->hier
.tcpServer
->local
.toStr(tmp
,sizeof(tmp
));
492 case LFT_SERVER_LOCAL_PORT
:
493 if (al
->hier
.tcpServer
!= NULL
) {
494 outint
= al
->hier
.tcpServer
->local
.port();
500 case LFT_SERVER_LOCAL_TOS
:
501 if (al
->hier
.tcpServer
!= NULL
) {
502 snprintf(tmp
, sizeof(tmp
), "0x%x", (uint32_t)al
->hier
.tcpServer
->tos
);
507 case LFT_SERVER_LOCAL_NFMARK
:
508 if (al
->hier
.tcpServer
!= NULL
) {
509 snprintf(tmp
, sizeof(tmp
), "0x%x", al
->hier
.tcpServer
->nfmark
);
514 case LFT_TIME_SECONDS_SINCE_EPOCH
:
515 // some platforms store time in 32-bit, some 64-bit...
516 outoff
= static_cast<int64_t>(current_time
.tv_sec
);
520 case LFT_TIME_SUBSECOND
:
521 outint
= current_time
.tv_usec
/ fmt
->divisor
;
525 case LFT_TIME_LOCALTIME
:
531 spec
= fmt
->data
.string
;
533 if (fmt
->type
== LFT_TIME_LOCALTIME
) {
535 spec
= "%d/%b/%Y:%H:%M:%S %z";
536 t
= localtime(&squid_curtime
);
539 spec
= "%d/%b/%Y:%H:%M:%S";
541 t
= gmtime(&squid_curtime
);
544 strftime(tmp
, sizeof(tmp
), spec
, t
);
552 outtv
= al
->cache
.start_time
;
556 case LFT_TIME_TO_HANDLE_REQUEST
:
557 outtv
= al
->cache
.trTime
;
561 case LFT_PEER_RESPONSE_TIME
:
562 if (al
->hier
.peer_response_time
.tv_sec
== -1) {
565 outtv
= al
->hier
.peer_response_time
;
570 case LFT_TOTAL_SERVER_SIDE_RESPONSE_TIME
: {
571 timeval total_response_time
;
572 al
->hier
.totalResponseTime(total_response_time
);
573 if (total_response_time
.tv_sec
== -1) {
576 outtv
= total_response_time
;
582 case LFT_DNS_WAIT_TIME
:
583 if (al
->request
&& al
->request
->dnsWait
>= 0) {
584 // TODO: microsecond precision for dns wait time.
585 // Convert miliseconds to timeval struct:
586 outtv
.tv_sec
= al
->request
->dnsWait
/ 1000;
587 outtv
.tv_usec
= (al
->request
->dnsWait
% 1000) * 1000;
592 case LFT_REQUEST_HEADER
:
595 sb
= al
->request
->header
.getByName(fmt
->data
.header
.header
);
597 out
= sb
.termedBuf();
603 case LFT_ADAPTED_REQUEST_HEADER
:
605 if (al
->adapted_request
)
606 sb
= al
->adapted_request
->header
.getByName(fmt
->data
.header
.header
);
608 out
= sb
.termedBuf();
614 case LFT_REPLY_HEADER
:
616 sb
= al
->reply
->header
.getByName(fmt
->data
.header
.header
);
618 out
= sb
.termedBuf();
625 case LFT_ADAPTATION_SUM_XACT_TIMES
:
627 Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
629 ah
->sumLogString(fmt
->data
.string
, sb
);
630 out
= sb
.termedBuf();
634 case LFT_ADAPTATION_ALL_XACT_TIMES
:
636 Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
638 ah
->allLogString(fmt
->data
.string
, sb
);
639 out
= sb
.termedBuf();
643 case LFT_ADAPTATION_LAST_HEADER
:
645 const Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
646 if (ah
!= NULL
) // XXX: add adapt::<all_h but use lastMeta here
647 sb
= ah
->allMeta
.getByName(fmt
->data
.header
.header
);
650 // XXX: here and elsewhere: move such code inside the if guard
651 out
= sb
.termedBuf();
657 case LFT_ADAPTATION_LAST_HEADER_ELEM
:
659 const Adaptation::History::Pointer ah
= al
->request
->adaptHistory();
660 if (ah
!= NULL
) // XXX: add adapt::<all_h but use lastMeta here
661 sb
= ah
->allMeta
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
664 out
= sb
.termedBuf();
670 case LFT_ADAPTATION_LAST_ALL_HEADERS
:
671 out
= al
->adapt
.last_meta
;
681 out
= al
->icap
.hostAddr
.toStr(tmp
,1024);
684 case LFT_ICAP_SERV_NAME
:
685 out
= al
->icap
.serviceName
.termedBuf();
688 case LFT_ICAP_REQUEST_URI
:
689 out
= al
->icap
.reqUri
.termedBuf();
692 case LFT_ICAP_REQUEST_METHOD
:
693 out
= Adaptation::Icap::ICAP::methodStr(al
->icap
.reqMethod
);
696 case LFT_ICAP_BYTES_SENT
:
697 outoff
= al
->icap
.bytesSent
;
701 case LFT_ICAP_BYTES_READ
:
702 outoff
= al
->icap
.bytesRead
;
706 case LFT_ICAP_BODY_BYTES_READ
:
707 if (al
->icap
.bodyBytesRead
>= 0) {
708 outoff
= al
->icap
.bodyBytesRead
;
711 // else if icap.bodyBytesRead < 0, we do not have any http data,
712 // so just print a "-" (204 responses etc)
715 case LFT_ICAP_REQ_HEADER
:
716 if (NULL
!= al
->icap
.request
) {
717 sb
= al
->icap
.request
->header
.getByName(fmt
->data
.header
.header
);
718 out
= sb
.termedBuf();
723 case LFT_ICAP_REQ_HEADER_ELEM
:
724 if (al
->icap
.request
)
725 sb
= al
->icap
.request
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
727 out
= sb
.termedBuf();
733 case LFT_ICAP_REQ_ALL_HEADERS
:
734 if (al
->icap
.request
) {
735 HttpHeaderPos pos
= HttpHeaderInitPos
;
736 while (const HttpHeaderEntry
*e
= al
->icap
.request
->header
.getEntry(&pos
)) {
742 out
= sb
.termedBuf();
747 case LFT_ICAP_REP_HEADER
:
748 if (NULL
!= al
->icap
.reply
) {
749 sb
= al
->icap
.reply
->header
.getByName(fmt
->data
.header
.header
);
750 out
= sb
.termedBuf();
755 case LFT_ICAP_REP_HEADER_ELEM
:
756 if (NULL
!= al
->icap
.reply
)
757 sb
= al
->icap
.reply
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
759 out
= sb
.termedBuf();
765 case LFT_ICAP_REP_ALL_HEADERS
:
766 if (al
->icap
.reply
) {
767 HttpHeaderPos pos
= HttpHeaderInitPos
;
768 while (const HttpHeaderEntry
*e
= al
->icap
.reply
->header
.getEntry(&pos
)) {
774 out
= sb
.termedBuf();
779 case LFT_ICAP_TR_RESPONSE_TIME
:
780 outtv
= al
->icap
.trTime
;
784 case LFT_ICAP_IO_TIME
:
785 outtv
= al
->icap
.ioTime
;
789 case LFT_ICAP_STATUS_CODE
:
790 outint
= al
->icap
.resStatus
;
794 case LFT_ICAP_OUTCOME
:
795 out
= al
->icap
.outcome
;
798 case LFT_ICAP_TOTAL_TIME
:
799 outtv
= al
->icap
.processingTime
;
803 case LFT_REQUEST_HEADER_ELEM
:
805 sb
= al
->request
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
807 out
= sb
.termedBuf();
813 case LFT_ADAPTED_REQUEST_HEADER_ELEM
:
814 if (al
->adapted_request
)
815 sb
= al
->adapted_request
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
817 out
= sb
.termedBuf();
823 case LFT_REPLY_HEADER_ELEM
:
825 sb
= al
->reply
->header
.getByNameListMember(fmt
->data
.header
.header
, fmt
->data
.header
.element
, fmt
->data
.header
.separator
);
827 out
= sb
.termedBuf();
833 case LFT_REQUEST_ALL_HEADERS
:
834 out
= al
->headers
.request
;
840 case LFT_ADAPTED_REQUEST_ALL_HEADERS
:
841 out
= al
->headers
.adapted_request
;
847 case LFT_REPLY_ALL_HEADERS
:
848 out
= al
->headers
.reply
;
856 if (al
->request
&& al
->request
->auth_user_request
!= NULL
)
857 out
= strOrNull(al
->request
->auth_user_request
->username());
859 if (!out
&& al
->request
&& al
->request
->extacl_user
.size()) {
860 if (const char *t
= al
->request
->extacl_user
.termedBuf())
865 out
= strOrNull(al
->cache
.extuser
);
869 out
= strOrNull(al
->cache
.ssluser
);
872 out
= strOrNull(al
->cache
.rfc931
);
877 if (al
->request
&& al
->request
->auth_user_request
!= NULL
)
878 out
= strOrNull(al
->request
->auth_user_request
->username());
883 out
= strOrNull(al
->cache
.rfc931
);
886 case LFT_USER_EXTERNAL
:
887 if (al
->request
&& al
->request
->extacl_user
.size()) {
888 if (const char *t
= al
->request
->extacl_user
.termedBuf())
893 out
= strOrNull(al
->cache
.extuser
);
896 /* case LFT_USER_REALM: */
897 /* case LFT_USER_SCHEME: */
899 // the fmt->type can not be LFT_HTTP_SENT_STATUS_CODE_OLD_30
900 // but compiler complains if ommited
901 case LFT_HTTP_SENT_STATUS_CODE_OLD_30
:
902 case LFT_HTTP_SENT_STATUS_CODE
:
903 outint
= al
->http
.code
;
909 case LFT_HTTP_RECEIVED_STATUS_CODE
:
910 if (al
->hier
.peer_reply_status
== Http::scNone
) {
913 outint
= al
->hier
.peer_reply_status
;
917 /* case LFT_HTTP_STATUS:
918 * out = statusline->text;
922 case LFT_HTTP_BODY_BYTES_READ
:
923 if (al
->hier
.bodyBytesRead
>= 0) {
924 outoff
= al
->hier
.bodyBytesRead
;
927 // else if hier.bodyBytesRead < 0 we did not have any data exchange with
928 // a peer server so just print a "-" (eg requests served from cache,
929 // or internal error messages).
932 case LFT_SQUID_STATUS
:
933 out
= al
->cache
.code
.c_str();
936 case LFT_SQUID_ERROR
:
937 if (al
->request
&& al
->request
->errType
!= ERR_NONE
)
938 out
= errorPageName(al
->request
->errType
);
941 case LFT_SQUID_ERROR_DETAIL
:
943 if (al
->request
&& al
->request
->errType
== ERR_SECURE_CONNECT_FAIL
) {
944 if (! (out
= Ssl::GetErrorName(al
->request
->errDetail
)))
945 out
= sslErrorName(al
->request
->errDetail
, tmp
, sizeof(tmp
));
948 if (al
->request
&& al
->request
->errDetail
!= ERR_DETAIL_NONE
) {
949 if (al
->request
->errDetail
> ERR_DETAIL_START
&& al
->request
->errDetail
< ERR_DETAIL_MAX
)
950 out
= errorDetailName(al
->request
->errDetail
);
952 if (al
->request
->errDetail
>= ERR_DETAIL_EXCEPTION_START
)
953 snprintf(tmp
, sizeof(tmp
), "%s=0x%X",
954 errorDetailName(al
->request
->errDetail
), (uint32_t) al
->request
->errDetail
);
956 snprintf(tmp
, sizeof(tmp
), "%s=%d",
957 errorDetailName(al
->request
->errDetail
), al
->request
->errDetail
);
963 case LFT_SQUID_HIERARCHY
:
964 if (al
->hier
.ping
.timedout
)
965 mb
.append("TIMEOUT_", 8);
967 out
= hier_code_str
[al
->hier
.code
];
972 out
= al
->http
.content_type
;
976 case LFT_CLIENT_REQ_METHOD
:
978 const SBuf
&s
= al
->request
->method
.image();
979 sb
.append(s
.rawContent(), s
.length());
980 out
= sb
.termedBuf();
985 case LFT_CLIENT_REQ_URI
:
986 // original client URI
988 const SBuf
&s
= al
->request
->effectiveRequestUri();
989 sb
.append(s
.rawContent(), s
.length());
990 out
= sb
.termedBuf();
995 case LFT_CLIENT_REQ_URLSCHEME
:
997 out
= al
->request
->url
.getScheme().c_str();
1002 case LFT_CLIENT_REQ_URLDOMAIN
:
1004 out
= al
->request
->url
.host();
1009 case LFT_CLIENT_REQ_URLPORT
:
1011 outint
= al
->request
->url
.port();
1016 case LFT_REQUEST_URLPATH_OLD_31
:
1017 case LFT_CLIENT_REQ_URLPATH
:
1019 SBuf s
= al
->request
->url
.path();
1025 case LFT_CLIENT_REQ_VERSION
:
1027 snprintf(tmp
, sizeof(tmp
), "%d.%d", (int) al
->request
->http_ver
.major
, (int) al
->request
->http_ver
.minor
);
1032 case LFT_REQUEST_METHOD
:
1034 const SBuf
s(al
->getLogMethod());
1035 sb
.append(s
.rawContent(), s
.length());
1036 out
= sb
.termedBuf();
1041 case LFT_REQUEST_URI
:
1045 case LFT_REQUEST_VERSION_OLD_2X
:
1046 case LFT_REQUEST_VERSION
:
1047 snprintf(tmp
, sizeof(tmp
), "%d.%d", (int) al
->http
.version
.major
, (int) al
->http
.version
.minor
);
1051 case LFT_SERVER_REQ_METHOD
:
1052 if (al
->adapted_request
) {
1053 const SBuf
&s
= al
->adapted_request
->method
.image();
1054 sb
.append(s
.rawContent(), s
.length());
1055 out
= sb
.termedBuf();
1060 case LFT_SERVER_REQ_URI
:
1061 // adapted request URI sent to server/peer
1062 if (al
->adapted_request
) {
1063 const SBuf
&s
= al
->adapted_request
->effectiveRequestUri();
1064 sb
.append(s
.rawContent(), s
.length());
1065 out
= sb
.termedBuf();
1070 case LFT_SERVER_REQ_URLSCHEME
:
1071 if (al
->adapted_request
) {
1072 out
= al
->adapted_request
->url
.getScheme().c_str();
1077 case LFT_SERVER_REQ_URLDOMAIN
:
1078 if (al
->adapted_request
) {
1079 out
= al
->adapted_request
->url
.host();
1084 case LFT_SERVER_REQ_URLPORT
:
1085 if (al
->adapted_request
) {
1086 outint
= al
->adapted_request
->url
.port();
1091 case LFT_SERVER_REQ_URLPATH
:
1092 if (al
->adapted_request
) {
1093 SBuf s
= al
->adapted_request
->url
.path();
1099 case LFT_SERVER_REQ_VERSION
:
1100 if (al
->adapted_request
) {
1101 snprintf(tmp
, sizeof(tmp
), "%d.%d",
1102 (int) al
->adapted_request
->http_ver
.major
,
1103 (int) al
->adapted_request
->http_ver
.minor
);
1108 case LFT_CLIENT_REQUEST_SIZE_TOTAL
:
1109 outoff
= al
->http
.clientRequestSz
.messageTotal();
1113 case LFT_CLIENT_REQUEST_SIZE_HEADERS
:
1114 outoff
= al
->http
.clientRequestSz
.header
;
1118 /*case LFT_REQUEST_SIZE_BODY: */
1119 /*case LFT_REQUEST_SIZE_BODY_NO_TE: */
1121 case LFT_ADAPTED_REPLY_SIZE_TOTAL
:
1122 outoff
= al
->http
.clientReplySz
.messageTotal();
1126 case LFT_REPLY_HIGHOFFSET
:
1127 outoff
= al
->cache
.highOffset
;
1133 case LFT_REPLY_OBJECTSIZE
:
1134 outoff
= al
->cache
.objectSize
;
1140 case LFT_ADAPTED_REPLY_SIZE_HEADERS
:
1141 outint
= al
->http
.clientReplySz
.header
;
1145 /*case LFT_REPLY_SIZE_BODY: */
1146 /*case LFT_REPLY_SIZE_BODY_NO_TE: */
1148 case LFT_CLIENT_IO_SIZE_TOTAL
:
1149 outint
= al
->http
.clientRequestSz
.messageTotal() + al
->http
.clientReplySz
.messageTotal();
1152 /*case LFT_SERVER_IO_SIZE_TOTAL: */
1156 out
= al
->request
->tag
.termedBuf();
1164 out
= al
->request
->extacl_log
.termedBuf();
1170 case LFT_SEQUENCE_NUMBER
:
1171 outoff
= logSequenceNumber
;
1176 case LFT_SSL_BUMP_MODE
: {
1177 const Ssl::BumpMode mode
= static_cast<Ssl::BumpMode
>(al
->ssl
.bumpMode
);
1178 // for Ssl::bumpEnd, Ssl::bumpMode() returns NULL and we log '-'
1179 out
= Ssl::bumpMode(mode
);
1183 case LFT_EXT_ACL_USER_CERT_RAW
:
1185 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1186 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1187 if (auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get())
1188 out
= sslGetUserCertificatePEM(ssl
);
1193 case LFT_EXT_ACL_USER_CERTCHAIN_RAW
:
1195 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1196 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1197 if (auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get())
1198 out
= sslGetUserCertificatePEM(ssl
);
1203 case LFT_EXT_ACL_USER_CERT
:
1205 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1206 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1207 if (auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get())
1208 out
= sslGetUserAttribute(ssl
, format
->data
.header
.header
);
1213 case LFT_EXT_ACL_USER_CA_CERT
:
1215 ConnStateData
*conn
= al
->request
->clientConnectionManager
.get();
1216 if (conn
&& Comm::IsConnOpen(conn
->clientConnection
)) {
1217 if (auto ssl
= fd_table
[conn
->clientConnection
->fd
].ssl
.get())
1218 out
= sslGetCAAttribute(ssl
, format
->data
.header
.header
);
1223 case LFT_SSL_USER_CERT_SUBJECT
:
1224 if (X509
*cert
= al
->cache
.sslClientCert
.get()) {
1225 if (X509_NAME
*subject
= X509_get_subject_name(cert
)) {
1226 X509_NAME_oneline(subject
, tmp
, sizeof(tmp
));
1232 case LFT_SSL_USER_CERT_ISSUER
:
1233 if (X509
*cert
= al
->cache
.sslClientCert
.get()) {
1234 if (X509_NAME
*issuer
= X509_get_issuer_name(cert
)) {
1235 X509_NAME_oneline(issuer
, tmp
, sizeof(tmp
));
1241 case LFT_SSL_CLIENT_SNI
:
1242 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
1243 if (Ssl::ServerBump
* srvBump
= al
->request
->clientConnectionManager
->serverBump()) {
1244 if (!srvBump
->clientSni
.isEmpty())
1245 out
= srvBump
->clientSni
.c_str();
1250 case LFT_SSL_SERVER_CERT_ERRORS
:
1251 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
1252 if (Ssl::ServerBump
* srvBump
= al
->request
->clientConnectionManager
->serverBump()) {
1253 const char *separator
= fmt
->data
.string
? fmt
->data
.string
: ":";
1254 for (Ssl::CertErrors
const *sslError
= srvBump
->sslErrors(); sslError
!= NULL
; sslError
= sslError
->next
) {
1256 sb
.append(separator
);
1257 if (const char *errorName
= Ssl::GetErrorName(sslError
->element
.code
))
1258 sb
.append(errorName
);
1260 sb
.append(sslErrorName(sslError
->element
.code
, tmp
, sizeof(tmp
)));
1261 if (sslError
->element
.depth
>= 0) {
1262 snprintf(tmp
, sizeof(tmp
), "@depth=%d", sslError
->element
.depth
);
1267 out
= sb
.termedBuf();
1272 case LFT_SSL_SERVER_CERT_ISSUER
:
1273 case LFT_SSL_SERVER_CERT_SUBJECT
:
1274 if (al
->request
&& al
->request
->clientConnectionManager
.valid()) {
1275 if (Ssl::ServerBump
* srvBump
= al
->request
->clientConnectionManager
->serverBump()) {
1276 if (X509
*serverCert
= srvBump
->serverCert
.get()) {
1277 if (fmt
->type
== LFT_SSL_SERVER_CERT_SUBJECT
)
1278 out
= Ssl::GetX509UserAttribute(serverCert
, "DN");
1280 out
= Ssl::GetX509CAAttribute(serverCert
, "DN");
1286 case LFT_TLS_CLIENT_NEGOTIATED_VERSION
:
1287 if (al
->tcpClient
!= nullptr && al
->tcpClient
->hasTlsNegotiations())
1288 out
= al
->tcpClient
->hasTlsNegotiations()->negotiatedVersion();
1291 case LFT_TLS_SERVER_NEGOTIATED_VERSION
:
1292 if (al
->hier
.tcpServer
!= nullptr && al
->hier
.tcpServer
->hasTlsNegotiations())
1293 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->negotiatedVersion();
1296 case LFT_TLS_CLIENT_RECEIVED_HELLO_VERSION
:
1297 if (al
->tcpClient
!= nullptr && al
->tcpClient
->hasTlsNegotiations())
1298 out
= al
->tcpClient
->hasTlsNegotiations()->helloVersion();
1301 case LFT_TLS_SERVER_RECEIVED_HELLO_VERSION
:
1302 if (al
->hier
.tcpServer
!= nullptr && al
->hier
.tcpServer
->hasTlsNegotiations())
1303 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->helloVersion();
1306 case LFT_TLS_CLIENT_SUPPORTED_VERSION
:
1307 if (al
->tcpClient
!= nullptr && al
->tcpClient
->hasTlsNegotiations())
1308 out
= al
->tcpClient
->hasTlsNegotiations()->supportedVersion();
1311 case LFT_TLS_SERVER_SUPPORTED_VERSION
:
1312 if (al
->hier
.tcpServer
!= nullptr && al
->hier
.tcpServer
->hasTlsNegotiations())
1313 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->supportedVersion();
1316 case LFT_TLS_CLIENT_NEGOTIATED_CIPHER
:
1317 if (al
->tcpClient
!= nullptr && al
->tcpClient
->hasTlsNegotiations())
1318 out
= al
->tcpClient
->hasTlsNegotiations()->cipherName();
1321 case LFT_TLS_SERVER_NEGOTIATED_CIPHER
:
1322 if (al
->hier
.tcpServer
!= nullptr && al
->hier
.tcpServer
->hasTlsNegotiations())
1323 out
= al
->hier
.tcpServer
->hasTlsNegotiations()->cipherName();
1327 case LFT_REQUEST_URLGROUP_OLD_2X
:
1328 assert(LFT_REQUEST_URLGROUP_OLD_2X
== 0); // should never happen.
1331 tmp
[0] = fmt
->data
.header
.separator
;
1333 if (fmt
->data
.header
.header
&& *fmt
->data
.header
.header
) {
1334 const char *separator
= tmp
;
1336 Adaptation::History::Pointer ah
= al
->request
? al
->request
->adaptHistory() : Adaptation::History::Pointer();
1337 if (ah
!= NULL
&& ah
->metaHeaders
!= NULL
) {
1338 if (const char *meta
= ah
->metaHeaders
->find(fmt
->data
.header
.header
, separator
))
1342 if (al
->notes
!= NULL
) {
1343 if (const char *note
= al
->notes
->find(fmt
->data
.header
.header
, separator
)) {
1345 sb
.append(separator
);
1349 out
= sb
.termedBuf();
1352 // if no argument given use default "\r\n" as notes separator
1353 const char *separator
= fmt
->data
.string
? tmp
: "\r\n";
1355 Adaptation::History::Pointer ah
= al
->request
? al
->request
->adaptHistory() : Adaptation::History::Pointer();
1356 if (ah
!= NULL
&& ah
->metaHeaders
!= NULL
&& !ah
->metaHeaders
->empty())
1357 sb
.append(ah
->metaHeaders
->toString(separator
));
1359 if (al
->notes
!= NULL
&& !al
->notes
->empty())
1360 sb
.append(al
->notes
->toString(separator
));
1362 out
= sb
.termedBuf();
1367 case LFT_CREDENTIALS
:
1369 if (al
->request
&& al
->request
->auth_user_request
!= NULL
)
1370 out
= strOrNull(al
->request
->auth_user_request
->credentialsStr());
1379 case LFT_EXT_ACL_NAME
:
1380 out
= al
->lastAclName
;
1383 case LFT_EXT_ACL_DATA
:
1384 if (!al
->lastAclData
.isEmpty())
1385 out
= al
->lastAclData
.c_str();
1390 snprintf(tmp
, sizeof(tmp
), "%0*" PRId64
, fmt
->zero
&& fmt
->widthMin
>= 0 ? fmt
->widthMin
: 0, outoff
);
1394 snprintf(tmp
, sizeof(tmp
), "%0*ld", fmt
->zero
&& fmt
->widthMin
>= 0 ? fmt
->widthMin
: 0, outint
);
1396 } else if (doMsec
) {
1397 if (fmt
->widthMax
< 0) {
1398 snprintf(tmp
, sizeof(tmp
), "%0*ld", fmt
->widthMin
, tvToMsec(outtv
));
1400 int precision
= fmt
->widthMax
;
1401 snprintf(tmp
, sizeof(tmp
), "%0*" PRId64
".%0*" PRId64
"", fmt
->zero
&& (fmt
->widthMin
- precision
- 1 >= 0) ? fmt
->widthMin
- precision
- 1 : 0, static_cast<int64_t>(outtv
.tv_sec
* 1000 + outtv
.tv_usec
/ 1000), precision
, static_cast<int64_t>((outtv
.tv_usec
% 1000 )* (1000 / fmt
->divisor
)));
1405 int precision
= fmt
->widthMax
>=0 ? fmt
->widthMax
:3;
1406 snprintf(tmp
, sizeof(tmp
), "%0*" PRId64
".%0*d", fmt
->zero
&& (fmt
->widthMin
- precision
- 1 >= 0) ? fmt
->widthMin
- precision
- 1 : 0, static_cast<int64_t>(outtv
.tv_sec
), precision
, (int)(outtv
.tv_usec
/ fmt
->divisor
));
1411 if (quote
|| fmt
->quote
!= LOG_QUOTE_NONE
) {
1412 char *newout
= NULL
;
1415 switch (fmt
->quote
) {
1417 case LOG_QUOTE_NONE
:
1418 newout
= rfc1738_escape_unescaped(out
);
1421 case LOG_QUOTE_QUOTES
: {
1422 size_t out_len
= static_cast<size_t>(strlen(out
)) * 2 + 1;
1423 if (out_len
>= sizeof(tmp
)) {
1424 newout
= (char *)xmalloc(out_len
);
1428 log_quoted_string(out
, newout
);
1432 case LOG_QUOTE_MIMEBLOB
:
1433 newout
= QuoteMimeBlob(out
);
1438 newout
= rfc1738_escape(out
);
1441 case LOG_QUOTE_SHELL
: {
1444 strwordquote(&mbq
, out
);
1445 newout
= mbq
.content();
1465 // enforce width limits if configured
1466 const bool haveMaxWidth
= fmt
->widthMax
>=0 && !doint
&& !dooff
&& !doMsec
&& !doSec
;
1467 if (haveMaxWidth
|| fmt
->widthMin
) {
1468 const int minWidth
= fmt
->widthMin
>= 0 ?
1470 const int maxWidth
= haveMaxWidth
?
1471 fmt
->widthMax
: strlen(out
);
1474 mb
.appendf("%-*.*s", minWidth
, maxWidth
, out
);
1476 mb
.appendf("%*.*s", minWidth
, maxWidth
, out
);
1478 mb
.append(out
, strlen(out
));