From a2e35a075794f98df4b1ce445ffa2c5eea373b8a Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Tue, 18 Apr 2017 22:44:26 +0900
Subject: [PATCH] nghttpx: Add $tls_sni access log variable
---
 gennghttpxfun.py | 1 +
 src/shrpx.cc | 1 +
 src/shrpx_client_handler.cc | 2 +-
 src/shrpx_config.cc | 5 +++++
 src/shrpx_log.cc | 7 +++++++
 src/shrpx_log.h | 2 ++
 6 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/gennghttpxfun.py b/gennghttpxfun.py
index b42bd248..4c80550f 100755
--- a/gennghttpxfun.py
+++ b/gennghttpxfun.py
@@ -188,6 +188,7 @@ LOGVARS = [
 "tls_protocol",
 "tls_session_id",
 "tls_session_reused",
+ "tls_sni",
 "backend_host",
 "backend_port",
 ]
diff --git a/src/shrpx.cc b/src/shrpx.cc
index 4c4ab9ac..1ac50360 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -2452,6 +2452,7 @@ Logging:
 * $tls_session_id: session ID for SSL/TLS connection.
 * $tls_session_reused: "r" if SSL/TLS session was reused. Otherwise, "."
+ * $tls_sni: SNI server name for SSL/TLS connection.
 * $backend_host: backend host used to fulfill the request. "-" if backend host is not available.
 * $backend_port: backend port used to fulfill the
diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc
index b0063b33..d4ddb2c6 100644
--- a/src/shrpx_client_handler.cc
+++ b/src/shrpx_client_handler.cc
@@ -1216,7 +1216,7 @@ void ClientHandler::write_accesslog(Downstream *downstream) {
 upstream_accesslog(
 config->logging.access.format,
 LogSpec{
- downstream, ipaddr_, alpn_,
+ downstream, ipaddr_, alpn_, sni_,
 nghttp2::tls::get_tls_session_info(&tls_info, conn_.tls.ssl),
 std::chrono::high_resolution_clock::now(), // request_end_time
 port_, faddr_->port, config->pid,
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 997b0ee5..53e89dd3 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -401,6 +401,11 @@ LogFragmentType log_var_lookup_token(const char *name, size_t namelen) {
 break;
 case 7:
 switch (name[6]) {
+ case 'i':
+ if (util::strieq_l("tls_sn", name, 6)) {
+ return SHRPX_LOGF_TLS_SNI;
+ }
+ break;
 case 't':
 if (util::strieq_l("reques", name, 6)) {
 return SHRPX_LOGF_REQUEST;
diff --git a/src/shrpx_log.cc b/src/shrpx_log.cc
index edb30b91..19896549 100644
--- a/src/shrpx_log.cc
+++ b/src/shrpx_log.cc
@@ -518,6 +518,13 @@ void upstream_accesslog(const std::vector &lfv,
 std::tie(p, last) = copy(lgsp.tls_info->session_reused ? 'r' : '.', p, last);
 break;
+ case SHRPX_LOGF_TLS_SNI:
+ if (lgsp.sni.empty()) {
+ std::tie(p, last) = copy('-', p, last);
+ break;
+ }
+ std::tie(p, last) = copy_escape(lgsp.sni, p, last);
+ break;
 case SHRPX_LOGF_BACKEND_HOST:
 if (!downstream_addr) {
 std::tie(p, last) = copy('-', p, last);
diff --git a/src/shrpx_log.h b/src/shrpx_log.h
index 22cc153c..974c8de6 100644
--- a/src/shrpx_log.h
+++ b/src/shrpx_log.h
@@ -137,6 +137,7 @@ enum LogFragmentType {
 SHRPX_LOGF_SSL_SESSION_ID = SHRPX_LOGF_TLS_SESSION_ID,
 SHRPX_LOGF_TLS_SESSION_REUSED,
 SHRPX_LOGF_SSL_SESSION_REUSED = SHRPX_LOGF_TLS_SESSION_REUSED,
+ SHRPX_LOGF_TLS_SNI,
 SHRPX_LOGF_BACKEND_HOST,
 SHRPX_LOGF_BACKEND_PORT,
 };
@@ -152,6 +153,7 @@ struct LogSpec {
 Downstream *downstream;
 StringRef remote_addr;
 StringRef alpn;
+ StringRef sni;
 const nghttp2::tls::TLSSessionInfo *tls_info;
 std::chrono::high_resolution_clock::time_point request_end_time;
 StringRef remote_port;
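Review bot: The `SHRPX_LOGF_TLS_SNI` case in src/shrpx_log.cc writes a name that comes from the client's TLS handshake, and nothing in the hunk says that this is why it goes through `copy_escape` instead of `copy`; a comment such as `// SNI is chosen by the client: escape it so it cannot forge log fields or lines` would keep a later edit from dropping the escaping. Which bytes `copy_escape` rewrites is not visible here, so confirm it covers the delimiters and quoting that the configured access log format relies on. An empty name is logged as `-`, but the `$tls_sni` help entry added in src/shrpx.cc does not mention it, unlike the neighbouring `$backend_host` entry; consider `* $tls_sni: SNI server name for SSL/TLS connection. "-" if SNI server name is not available.` upstream_accesslog starts and ends outside the hunk.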