nghttpx: Add $tls_sni access log variable

2017-04-18 22:44:26 +09:00 · 2017-04-18 22:44:26 +09:00 · a2e35a0757
parent a4a2b6403b
commit a2e35a0757
6 changed files with 17 additions and 1 deletions
--- a/gennghttpxfun.py
+++ b/gennghttpxfun.py
@ -188,6 +188,7 @@ LOGVARS = [
    "tls_protocol",
    "tls_session_id",
    "tls_session_reused",
+    "tls_sni",
    "backend_host",
    "backend_port",
 ]
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@ -2452,6 +2452,7 @@ Logging:
              * $tls_session_id: session ID for SSL/TLS connection.
              * $tls_session_reused:  "r"   if  SSL/TLS   session  was
                reused.  Otherwise, "."
+              * $tls_sni: SNI server name for SSL/TLS connection.
              * $backend_host:  backend  host   used  to  fulfill  the
                request.  "-" if backend host is not available.
              * $backend_port:  backend  port   used  to  fulfill  the
--- a/src/shrpx_client_handler.cc
+++ b/src/shrpx_client_handler.cc
@ -1216,7 +1216,7 @@ void ClientHandler::write_accesslog(Downstream *downstream) {
  upstream_accesslog(
      config->logging.access.format,
      LogSpec{
-          downstream, ipaddr_, alpn_,
+          downstream, ipaddr_, alpn_, sni_,
          nghttp2::tls::get_tls_session_info(&tls_info, conn_.tls.ssl),
          std::chrono::high_resolution_clock::now(), // request_end_time
          port_, faddr_->port, config->pid,
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@ -401,6 +401,11 @@ LogFragmentType log_var_lookup_token(const char *name, size_t namelen) {
    break;
  case 7:
    switch (name[6]) {
+    case 'i':
+      if (util::strieq_l("tls_sn", name, 6)) {
+        return SHRPX_LOGF_TLS_SNI;
+      }
+      break;
    case 't':
      if (util::strieq_l("reques", name, 6)) {
        return SHRPX_LOGF_REQUEST;
--- a/src/shrpx_log.cc
+++ b/src/shrpx_log.cc
@ -518,6 +518,13 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
      std::tie(p, last) =
          copy(lgsp.tls_info->session_reused ? 'r' : '.', p, last);
      break;
+    case SHRPX_LOGF_TLS_SNI:
+      if (lgsp.sni.empty()) {
+        std::tie(p, last) = copy('-', p, last);
+        break;
+      }
+      std::tie(p, last) = copy_escape(lgsp.sni, p, last);
+      break;
    case SHRPX_LOGF_BACKEND_HOST:
      if (!downstream_addr) {
        std::tie(p, last) = copy('-', p, last);
--- a/src/shrpx_log.h
+++ b/src/shrpx_log.h
@ -137,6 +137,7 @@ enum LogFragmentType {
  SHRPX_LOGF_SSL_SESSION_ID = SHRPX_LOGF_TLS_SESSION_ID,
  SHRPX_LOGF_TLS_SESSION_REUSED,
  SHRPX_LOGF_SSL_SESSION_REUSED = SHRPX_LOGF_TLS_SESSION_REUSED,
+  SHRPX_LOGF_TLS_SNI,
  SHRPX_LOGF_BACKEND_HOST,
  SHRPX_LOGF_BACKEND_PORT,
 };
@ -152,6 +153,7 @@ struct LogSpec {
  Downstream *downstream;
  StringRef remote_addr;
  StringRef alpn;
+  StringRef sni;
  const nghttp2::tls::TLSSessionInfo *tls_info;
  std::chrono::high_resolution_clock::time_point request_end_time;
  StringRef remote_port;