From: Jeff Trawick Date: Sun, 11 Sep 2005 13:09:25 +0000 (+0000) Subject: from trunk, backport ap_log_cerror(), along with some helpful uses X-Git-Tag: 2.0.55~52 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5e5d81539a54dff36048b451a6212122e89343d;p=thirdparty%2Fapache%2Fhttpd.git from trunk, backport ap_log_cerror(), along with some helpful uses of it Reviewed by: stoddard, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@280124 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 05c136ae83d..c35de13ec94 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.55 + *) Add ap_log_cerror() for logging messages associated with particular + client connections. [Jeff Trawick] + *) Correct mod_cgid's argv[0] so that the full path can be delved by the invoked cgi application, to conform to the behavior of mod_cgi. [Pradeep Kumar S ] diff --git a/STATUS b/STATUS index 6ea68bbd6c4..8b105e0e117 100644 --- a/STATUS +++ b/STATUS @@ -131,16 +131,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) several changes to improve logging of connection-oriented errors, including - ap_log_cerror() API (needs minor bump in addition to changes below) - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/log.c?r1=1.150&r2=1.151 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/include/http_log.h?r1=1.46&r2=1.48 - +1: trawick, stoddard, wrowe - [wrowe notes that his previous objection is moot, based on security fixes - applied between .44 and .54 - but -please- doxygen the version of Apache - required in the API header note, for users who adopt this alternative.] - *) mod_cgi: Added API call and overload of detached field in cgi_exec_info_t structure to support loading in current or new address space for CGIs. The patch change how NetWare use cmdtype for diff --git a/include/ap_mmn.h b/include/ap_mmn.h index fb4e262dc69..3163d31db36 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -83,6 +83,7 @@ * ap_finalize_sub_req_protocol on Win32 and NetWare * 20020903.9 (2.0.51-dev) create pcommands and initialize arrays before * calling ap_setup_prelinked_modules + * 20020903.10 (2.0.55-dev) add ap_log_cerror() */ #define MODULE_MAGIC_COOKIE 0x41503230UL /* "AP20" */ @@ -90,7 +91,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20020903 #endif -#define MODULE_MAGIC_NUMBER_MINOR 9 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 10 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a diff --git a/include/http_log.h b/include/http_log.h index 93895f13c16..0efb077abb1 100644 --- a/include/http_log.h +++ b/include/http_log.h @@ -131,8 +131,8 @@ void ap_logs_child_init(apr_pool_t *p, server_rec *s); #endif /* CORE_PRIVATE */ /* - * The three primary logging functions, ap_log_error, ap_log_rerror, and - * ap_log_perror use a printf style format string to build the log message. + * The primary logging functions, ap_log_error, ap_log_rerror, ap_log_cerror, + * and ap_log_perror use a printf style format string to build the log message. * It is VERY IMPORTANT that you not include any raw data from the network, * such as the request-URI or request header fields, within the format * string. Doing so makes the server vulnerable to a denial-of-service @@ -141,8 +141,9 @@ void ap_logs_child_init(apr_pool_t *p, server_rec *s); */ /** - * One of the primary logging routines in Apache. This uses a printf-like - * format to log messages to the error_log. + * ap_log_error() - log messages which are not related to a particular + * request or connection. This uses a printf-like format to log messages + * to the error_log. * @param file The file in which this function is called * @param line The line number on which this function is called * @param level The level of this error message @@ -151,6 +152,10 @@ void ap_logs_child_init(apr_pool_t *p, server_rec *s); * @param fmt The format string * @param ... The arguments to use to fill out fmt. * @tip Use APLOG_MARK to fill out file and line + * @tip If a request_rec is available, use that with ap_log_rerror() + * in preference to calling this function. Otherwise, if a conn_rec is + * available, use that with ap_log_cerror() in preference to calling + * this function. * @warning It is VERY IMPORTANT that you not include any raw data from * the network, such as the request-URI or request header fields, within * the format string. Doing so makes the server vulnerable to a @@ -165,8 +170,9 @@ AP_DECLARE(void) ap_log_error(const char *file, int line, int level, __attribute__((format(printf,6,7))); /** - * The second of the primary logging routines in Apache. This uses - * a printf-like format to log messages to the error_log. + * ap_log_perror() - log messages which are not related to a particular + * request, connection, or virtual server. This uses a printf-like + * format to log messages to the error_log. * @param file The file in which this function is called * @param line The line number on which this function is called * @param level The level of this error message @@ -189,13 +195,14 @@ AP_DECLARE(void) ap_log_perror(const char *file, int line, int level, __attribute__((format(printf,6,7))); /** - * The last of the primary logging routines in Apache. This uses - * a printf-like format to log messages to the error_log. + * ap_log_rerror() - log messages which are related to a particular + * request. This uses a a printf-like format to log messages to the + * error_log. * @param file The file in which this function is called * @param line The line number on which this function is called * @param level The level of this error message * @param status The status code from the previous command - * @param s The request which we are logging for + * @param r The request which we are logging for * @param fmt The format string * @param ... The arguments to use to fill out fmt. * @tip Use APLOG_MARK to fill out file and line @@ -205,13 +212,41 @@ AP_DECLARE(void) ap_log_perror(const char *file, int line, int level, * denial-of-service attack and other messy behavior. Instead, use a * simple format string like "%s", followed by the string containing the * untrusted data. - * @deffunc void ap_log_rerror(const char *file, int line, int level, apr_status_t status, request_rec *r, const char *fmt, ...) + * @deffunc void ap_log_rerror(const char *file, int line, int level, apr_status_t status, const request_rec *r, const char *fmt, ...) */ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, apr_status_t status, const request_rec *r, const char *fmt, ...) __attribute__((format(printf,6,7))); +/** + * ap_log_cerror() - log messages which are related to a particular + * connection. This uses a a printf-like format to log messages to the + * error_log. + * @param file The file in which this function is called + * @param line The line number on which this function is called + * @param level The level of this error message + * @param status The status code from the previous command + * @param c The connection which we are logging for + * @param fmt The format string + * @param ... The arguments to use to fill out fmt. + * @tip Use APLOG_MARK to fill out file and line + * @tip If a request_rec is available, use that with ap_log_rerror() + * in preference to calling this function. + * @warning It is VERY IMPORTANT that you not include any raw data from + * the network, such as the request-URI or request header fields, within + * the format string. Doing so makes the server vulnerable to a + * denial-of-service attack and other messy behavior. Instead, use a + * simple format string like "%s", followed by the string containing the + * untrusted data. + * @note ap_log_cerror() is available starting with Apache 2.0.55. + * @deffunc void ap_log_cerror(const char *file, int line, int level, apr_status_t status, const conn_rec *c, const char *fmt, ...) + */ +AP_DECLARE(void) ap_log_cerror(const char *file, int line, int level, + apr_status_t status, const conn_rec *c, + const char *fmt, ...) + __attribute__((format(printf,6,7))); + /** * Convert stderr to the error log * @param s The current server diff --git a/server/core.c b/server/core.c index d3ffd7ea0ae..ee331ca26e3 100644 --- a/server/core.c +++ b/server/core.c @@ -4170,9 +4170,9 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b) rv = apr_bucket_read(bucket, &buf, &len, APR_BLOCK_READ); if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, - c->base_server, "core_output_filter:" - " Error reading from bucket."); + ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, + c, "core_output_filter:" + " Error reading from bucket."); return HTTP_INTERNAL_SERVER_ERROR; } } @@ -4279,8 +4279,8 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b) } if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_INFO, rv, c->base_server, - "core_output_filter: writing data to the network"); + ap_log_cerror(APLOG_MARK, APLOG_INFO, rv, c, + "core_output_filter: writing data to the network"); if (more) apr_brigade_destroy(more); @@ -4455,6 +4455,7 @@ static conn_rec *core_create_conn(apr_pool_t *ptrans, server_rec *server, static int core_pre_connection(conn_rec *c, void *csd) { core_net_rec *net = apr_palloc(c->pool, sizeof(*net)); + apr_status_t rv; #ifdef AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK /* BillS says perhaps this should be moved to the MPMs. Some OSes @@ -4462,7 +4463,21 @@ static int core_pre_connection(conn_rec *c, void *csd) * accept sockets which means this call only needs to be made * once on the listener */ - ap_sock_disable_nagle(csd); + /* The Nagle algorithm says that we should delay sending partial + * packets in hopes of getting more data. We don't want to do + * this; we are not telnet. There are bad interactions between + * persistent connections and Nagle's algorithm that have very severe + * performance penalties. (Failing to disable Nagle is not much of a + * problem with simple HTTP.) + */ + rv = apr_socket_opt_set(csd, APR_TCP_NODELAY, 1); + if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) { + /* expected cause is that the client disconnected already, + * hence the debug level + */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, + "apr_socket_opt_set(APR_TCP_NODELAY)"); + } #endif net->c = c; net->in_ctx = NULL; diff --git a/server/log.c b/server/log.c index 10bdb566f38..a4692f42c73 100644 --- a/server/log.c +++ b/server/log.c @@ -405,6 +405,7 @@ AP_DECLARE(void) ap_error_log2stderr(server_rec *s) { static void log_error_core(const char *file, int line, int level, apr_status_t status, const server_rec *s, + const conn_rec *c, const request_rec *r, apr_pool_t *pool, const char *fmt, va_list args) { @@ -417,6 +418,10 @@ static void log_error_core(const char *file, int line, int level, const char *referer; int level_and_mask = level & APLOG_LEVELMASK; + if (r && r->connection) { + c = r->connection; + } + if (s == NULL) { /* * If we are doing stderr logging (startup), don't log messages that are @@ -512,14 +517,14 @@ static void log_error_core(const char *file, int line, int level, } #endif /* TPF */ - if (r && r->connection) { + if (c) { /* XXX: TODO: add a method of selecting whether logged client * addresses are in dotted quad or resolved form... dotted * quad is the most secure, which is why I'm implementing it * first. -djg */ len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, - "[client %s] ", r->connection->remote_ip); + "[client %s] ", c->remote_ip); } if (status != 0) { if (status < APR_OS_START_EAIERR) { @@ -598,7 +603,7 @@ AP_DECLARE(void) ap_log_error(const char *file, int line, int level, va_list args; va_start(args, fmt); - log_error_core(file, line, level, status, s, NULL, NULL, fmt, args); + log_error_core(file, line, level, status, s, NULL, NULL, NULL, fmt, args); va_end(args); } @@ -609,7 +614,7 @@ AP_DECLARE(void) ap_log_perror(const char *file, int line, int level, va_list args; va_start(args, fmt); - log_error_core(file, line, level, status, NULL, NULL, p, fmt, args); + log_error_core(file, line, level, status, NULL, NULL, NULL, p, fmt, args); va_end(args); } @@ -620,7 +625,8 @@ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, va_list args; va_start(args, fmt); - log_error_core(file, line, level, status, r->server, r, NULL, fmt, args); + log_error_core(file, line, level, status, r->server, NULL, r, NULL, fmt, + args); /* * IF APLOG_TOCLIENT is set, @@ -641,6 +647,18 @@ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, va_end(args); } +AP_DECLARE(void) ap_log_cerror(const char *file, int line, int level, + apr_status_t status, const conn_rec *c, + const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + log_error_core(file, line, level, status, c->base_server, c, NULL, NULL, + fmt, args); + va_end(args); +} + AP_DECLARE(void) ap_log_pid(apr_pool_t *p, const char *filename) { apr_file_t *pid_file = NULL;