nghttpx: Add $tls_sni access log variable

This commit is contained in:
Tatsuhiro Tsujikawa 2017-04-18 22:44:26 +09:00
parent a4a2b6403b
commit a2e35a0757
6 changed files with 17 additions and 1 deletions

View File

@ -188,6 +188,7 @@ LOGVARS = [
"tls_protocol", "tls_protocol",
"tls_session_id", "tls_session_id",
"tls_session_reused", "tls_session_reused",
"tls_sni",
"backend_host", "backend_host",
"backend_port", "backend_port",
] ]

View File

@ -2452,6 +2452,7 @@ Logging:
* $tls_session_id: session ID for SSL/TLS connection. * $tls_session_id: session ID for SSL/TLS connection.
* $tls_session_reused: "r" if SSL/TLS session was * $tls_session_reused: "r" if SSL/TLS session was
reused. Otherwise, "." reused. Otherwise, "."
* $tls_sni: SNI server name for SSL/TLS connection.
* $backend_host: backend host used to fulfill the * $backend_host: backend host used to fulfill the
request. "-" if backend host is not available. request. "-" if backend host is not available.
* $backend_port: backend port used to fulfill the * $backend_port: backend port used to fulfill the

View File

@ -1216,7 +1216,7 @@ void ClientHandler::write_accesslog(Downstream *downstream) {
upstream_accesslog( upstream_accesslog(
config->logging.access.format, config->logging.access.format,
LogSpec{ LogSpec{
downstream, ipaddr_, alpn_, downstream, ipaddr_, alpn_, sni_,
nghttp2::tls::get_tls_session_info(&tls_info, conn_.tls.ssl), nghttp2::tls::get_tls_session_info(&tls_info, conn_.tls.ssl),
std::chrono::high_resolution_clock::now(), // request_end_time std::chrono::high_resolution_clock::now(), // request_end_time
port_, faddr_->port, config->pid, port_, faddr_->port, config->pid,

View File

@ -401,6 +401,11 @@ LogFragmentType log_var_lookup_token(const char *name, size_t namelen) {
break; break;
case 7: case 7:
switch (name[6]) { switch (name[6]) {
case 'i':
if (util::strieq_l("tls_sn", name, 6)) {
return SHRPX_LOGF_TLS_SNI;
}
break;
case 't': case 't':
if (util::strieq_l("reques", name, 6)) { if (util::strieq_l("reques", name, 6)) {
return SHRPX_LOGF_REQUEST; return SHRPX_LOGF_REQUEST;

View File

@ -518,6 +518,13 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
std::tie(p, last) = std::tie(p, last) =
copy(lgsp.tls_info->session_reused ? 'r' : '.', p, last); copy(lgsp.tls_info->session_reused ? 'r' : '.', p, last);
break; break;
case SHRPX_LOGF_TLS_SNI:
if (lgsp.sni.empty()) {
std::tie(p, last) = copy('-', p, last);
break;
}
std::tie(p, last) = copy_escape(lgsp.sni, p, last);
break;
case SHRPX_LOGF_BACKEND_HOST: case SHRPX_LOGF_BACKEND_HOST:
if (!downstream_addr) { if (!downstream_addr) {
std::tie(p, last) = copy('-', p, last); std::tie(p, last) = copy('-', p, last);

View File

@ -137,6 +137,7 @@ enum LogFragmentType {
SHRPX_LOGF_SSL_SESSION_ID = SHRPX_LOGF_TLS_SESSION_ID, SHRPX_LOGF_SSL_SESSION_ID = SHRPX_LOGF_TLS_SESSION_ID,
SHRPX_LOGF_TLS_SESSION_REUSED, SHRPX_LOGF_TLS_SESSION_REUSED,
SHRPX_LOGF_SSL_SESSION_REUSED = SHRPX_LOGF_TLS_SESSION_REUSED, SHRPX_LOGF_SSL_SESSION_REUSED = SHRPX_LOGF_TLS_SESSION_REUSED,
SHRPX_LOGF_TLS_SNI,
SHRPX_LOGF_BACKEND_HOST, SHRPX_LOGF_BACKEND_HOST,
SHRPX_LOGF_BACKEND_PORT, SHRPX_LOGF_BACKEND_PORT,
}; };
@ -152,6 +153,7 @@ struct LogSpec {
Downstream *downstream; Downstream *downstream;
StringRef remote_addr; StringRef remote_addr;
StringRef alpn; StringRef alpn;
StringRef sni;
const nghttp2::tls::TLSSessionInfo *tls_info; const nghttp2::tls::TLSSessionInfo *tls_info;
std::chrono::high_resolution_clock::time_point request_end_time; std::chrono::high_resolution_clock::time_point request_end_time;
StringRef remote_port; StringRef remote_port;