%la for intercepted connections

This patch adjusts the %la logformat code handling for intercepted connections
based on the following rules:
 - If the corresponding http_port or https_port option has an explicit
   listening host name or IP address, then log the IP address.
 - Otherwise, log a dash character.

Also adjusts %lp logformat code handling for intercepted connections to always
log the port number from the corresponding http_port or https_port option.

Amos comments about %la formating code:
For the record these are the permutations we seek to cover...

Scenario 1: client 192.168.0.3 connects to google (74.125.237.81). Gets intercepted into Squid.

  1a) squid.conf:  http_port 3129 intercept|tproxy

   tcpClient->remote == 192.168.0.3:$random    (%>a:%>p)
   tcpClient->local == 74.125.237.81:80        (%>la:%>lp)
   al->cache.port->s.local == 0.0.0.0:3129     (%la:%lp) [log "-"]

  1b) squid.conf:  http_port 192.168.0.1:3129 intercept|tproxy

   tcpClient->remote == 192.168.0.3:$random    (%>a:%>p)
   tcpClient->local == 74.125.237.81:80        (%>la:%>lp)
   al->cache.port->s.local == 192.168.0.1:3129  (%la:%lp) [log 192...]

Scenario 2: client 192.168.0.3 connects to Squid asking for http://google.com

  2a) squid.conf:  http_port 3128 [accel]

   tcpClient->remote == 192.168.0.3:$random    (%>a:%>p)
   tcpClient->local == 192.168.0.1:3128        (%>la:%>lp)
   al->cache.port->s.local == 0.0.0.0:3128     (%la:%lp) [log 192...]

  2b) squid.conf:  http_port 192.168.0.1:3128 [accel]

   tcpClient->remote == 192.168.0.3:$random    (%>a:%>p)
   tcpClient->local == 192.168.0.1:3128        (%>la:%>lp)
   al->cache.port->s.local == 192.168.0.1:3128 (%la:%lp) [log 192...]

Senario 3: squid generates an internal request.

 tcpClient == NULL    (%>a:%>p,%>la:%>lp) [log "-"]
 al->cache.port == NULL     (%la:%lp) [log "-"]

diff --git a/src/AccessLogEntry.h b/src/AccessLogEntry.h
index e4c29fa0fd166d45399be51178965c5856acfb4b..5c2d80616dfb731fbd4cb3e2ed2227667f76ae5d 100644 (file)
--- a/src/AccessLogEntry.h
+++ b/src/AccessLogEntry.h
@@ -39,6 +39,7 @@
 #if ICAP_CLIENT
 #include "adaptation/icap/Elements.h"
 #endif
+#include "ProtoPort.h"
 
 /* forward decls */
 class HttpReply;
@@ -148,6 +149,7 @@ public:
 
         const char *ssluser;
 #endif
+        http_port_list *port;
 
     } cache;
 

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 0017664fa5cde780ee68e5dbf55b174d547d0388..e9ac298bc5410939c56b37bd813520e9d3e6f7e2 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -2901,6 +2901,9 @@ DOC_START
                >la     Local IP address the client connected to
                >lp     Local port number the client connected to
 
+               la      Local listening IP address the client connection was connected to.
+               lp      Local listening port number the client connection was connected to.
+
                <a      Server IP address of the last server or peer connection
                <A      Server FQDN or peer name
                <p      Server port number of the last server or peer connection

diff --git a/src/client_side.cc b/src/client_side.cc
index 7c9b33b02422a9cbbda27cae9eca349091277759..ea09e58bbdd6bf2d5dcf732f173bd1fa6b5cb4a3 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -640,7 +640,10 @@ ClientHttpRequest::logRequest()
 
     al.cache.caddr.SetNoAddr();
 
-    if (getConn() != NULL) al.cache.caddr = getConn()->log_addr;
+    if (getConn() != NULL) {
+        al.cache.caddr = getConn()->log_addr;
+        al.cache.port =  cbdataReference(getConn()->port);
+    }
 
     al.cache.requestSize = req_sz;
     al.cache.requestHeadersSize = req_sz;

diff --git a/src/format/Format.cc b/src/format/Format.cc
index 18ab080072d9b6011837c651912743cbe7ef025d..1f5b2676c0e2614e92af607c0a4a6bb0410d3cac 100644 (file)
--- a/src/format/Format.cc
+++ b/src/format/Format.cc
@@ -367,14 +367,32 @@ Format::Format::assemble(MemBuf &mb, AccessLogEntry *al, int logSequenceNumber)
             }
             break;
 
-        case LFT_CLIENT_LOCAL_IP_OLD_31:
+        case LFT_LOCAL_LISTENING_IP: {
+            // avoid logging a dash if we have reliable info
+            const bool interceptedAtKnownPort = (al->request->flags.spoof_client_ip ||
+                                                 al->request->flags.intercepted) && al->cache.port;
+            if (interceptedAtKnownPort) {
+                const bool portAddressConfigured = !al->cache.port->s.IsAnyAddr();
+                if (portAddressConfigured)
+                    out = al->cache.port->s.NtoA(tmp, sizeof(tmp));
+            } else if (al->tcpClient != NULL)
+                out = al->tcpClient->local.NtoA(tmp, sizeof(tmp));
+        }
+        break;
+
         case LFT_CLIENT_LOCAL_IP:
             if (al->tcpClient != NULL) {
                 out = al->tcpClient->local.NtoA(tmp,sizeof(tmp));
             }
             break;
 
-        case LFT_CLIENT_LOCAL_PORT_OLD_31:
+        case LFT_LOCAL_LISTENING_PORT:
+            if (al->cache.port) {
+                outint = al->cache.port->s.GetPort();
+                doint = 1;
+            }
+            break;
+
         case LFT_CLIENT_LOCAL_PORT:
             if (al->tcpClient != NULL) {
                 outint = al->tcpClient->local.GetPort();

diff --git a/src/format/Tokens.cc b/src/format/Tokens.cc
index 2a87214a1667aedb82b74d6482428b367d2e8ec5..0a4f1b0aebf890ad3445e07719b4ac542e16130c 100644 (file)
--- a/src/format/Tokens.cc
+++ b/src/format/Tokens.cc
@@ -62,9 +62,9 @@ static struct TokenTableEntry TokenTable1C[] = {
 static struct TokenTableEntry TokenTable2C[] = {
 
     {">la", LFT_CLIENT_LOCAL_IP},
-    {"la", LFT_CLIENT_LOCAL_IP_OLD_31},
+    {"la", LFT_LOCAL_LISTENING_IP},
     {">lp", LFT_CLIENT_LOCAL_PORT},
-    {"lp", LFT_CLIENT_LOCAL_PORT_OLD_31},
+    {"lp", LFT_LOCAL_LISTENING_PORT},
     /*{ "lA", LFT_LOCAL_NAME }, */
 
     {"<la", LFT_SERVER_LOCAL_IP},
@@ -496,16 +496,6 @@ done:
         type = LFT_HTTP_SENT_STATUS_CODE;
         break;
 
-    case LFT_CLIENT_LOCAL_IP_OLD_31:
-        debugs(46, 0, "WARNING: The \"la\" formatting code is deprecated. Use the \">la\" instead.");
-        type = LFT_CLIENT_LOCAL_IP;
-        break;
-
-    case LFT_CLIENT_LOCAL_PORT_OLD_31:
-        debugs(46, 0, "WARNING: The \"lp\" formatting code is deprecated. Use the \">lp\" instead.");
-        type = LFT_CLIENT_LOCAL_PORT;
-        break;
-
     case LFT_SERVER_LOCAL_IP_OLD_27:
         debugs(46, 0, "WARNING: The \"oa\" formatting code is deprecated. Use the \"<la\" instead.");
         type = LFT_SERVER_LOCAL_IP;

diff --git a/src/format/Tokens.h b/src/format/Tokens.h
index aff0212f1102cb9afaf9024738918a5a0d1edac4..fefe2e059cf808d8215fdb71dcca6f30e711707b 100644 (file)
--- a/src/format/Tokens.h
+++ b/src/format/Tokens.h
@@ -35,9 +35,9 @@ typedef enum {
     LFT_SERVER_PORT,
 
     LFT_CLIENT_LOCAL_IP,
-    LFT_CLIENT_LOCAL_IP_OLD_31,
+    LFT_LOCAL_LISTENING_IP,
     LFT_CLIENT_LOCAL_PORT,
-    LFT_CLIENT_LOCAL_PORT_OLD_31,
+    LFT_LOCAL_LISTENING_PORT,
     /*LFT_LOCAL_NAME, */
 
     LFT_SERVER_LOCAL_IP,

diff --git a/src/log/access_log.cc b/src/log/access_log.cc
index fc77705959743f6f92fe757d1df1b03cad1efa04..228fee6f3d0d1c62ae9bcd83bd8580040eaef059 100644 (file)
--- a/src/log/access_log.cc
+++ b/src/log/access_log.cc
@@ -596,6 +596,7 @@ accessLogFreeMemory(AccessLogEntry * aLogEntry)
     HTTPMSGUNLOCK(aLogEntry->icap.reply);
     HTTPMSGUNLOCK(aLogEntry->icap.request);
 #endif
+    cbdataReferenceDone(aLogEntry->cache.port);
 }
 
 int