Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/08/10 22:52:08 UTC
trafficserver git commit: TS-3648 Desire support for client TLS
cipher in custom log format. This closes #252.
Repository: trafficserver
Updated Branches:
refs/heads/master e985569ae -> b597f9cfa
TS-3648 Desire support for client TLS cipher in custom log format. This closes #252.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/b597f9cf
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/b597f9cf
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/b597f9cf
Branch: refs/heads/master
Commit: b597f9cfa8148df6eb787b8f872a8bd20d0f9492
Parents: e985569
Author: Acácio Centeno <ac...@gmail.com>
Authored: Thu Sep 25 16:23:31 2014 +0000
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Mon Aug 10 15:51:32 2015 -0500
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 10 ++++++++++
iocore/net/P_SSLNetVConnection.h | 16 ++++++++++++++++
proxy/http/HttpSM.cc | 8 +++++---
proxy/http/HttpSM.h | 4 ++++
proxy/logging/Log.cc | 10 ++++++++++
proxy/logging/LogAccess.cc | 14 ++++++++++++++
proxy/logging/LogAccess.h | 2 ++
proxy/logging/LogAccessHttp.cc | 26 ++++++++++++++++++++++++++
proxy/logging/LogAccessHttp.h | 2 ++
9 files changed, 89 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/event-logging-formats.en.rst b/doc/admin/event-logging-formats.en.rst
index 1bb1382..fee875e 100644
--- a/doc/admin/event-logging-formats.en.rst
+++ b/doc/admin/event-logging-formats.en.rst
@@ -203,6 +203,16 @@ The following list describes Traffic Server custom logging fields.
The SSL session/ticket reused status; indicates if this request hit
the SSL session/ticket and avoided a full SSL handshake.
+.. _cqssv:
+
+``cqssv``
+ The SSL/TLS version used to communicate with the client.
+
+.. _cqssc:
+
+``cqssc``
+ The cipher used by ATS to communicate with the client over SSL.
+
.. _cqtx:
``cqtx``
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/iocore/net/P_SSLNetVConnection.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 57c9a6b..853f097 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -267,6 +267,22 @@ public:
bool computeSSLTrace();
+ const char *
+ getSSLProtocol(void) const
+ {
+ if (ssl == NULL)
+ return NULL;
+ return SSL_get_version(ssl);
+ };
+
+ const char *
+ getSSLCipherSuite(void) const
+ {
+ if (ssl == NULL)
+ return NULL;
+ return SSL_get_cipher_name(ssl);
+ }
+
private:
SSLNetVConnection(const SSLNetVConnection &);
SSLNetVConnection &operator=(const SSLNetVConnection &);
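Review bot: Both new accessors return NULL when `ssl` is unset, but neither says so or states who owns the returned string, which matters because HttpSM keeps the pointer after the call returns. I would add a comment above each, for example `// Negotiated protocol name as reported by OpenSSL, or NULL if no SSL object is attached; the caller must not free it.` Separately, `getSSLProtocol` closes with `};` and the stray semicolon after the inline body should be dropped so it matches `getSSLCipherSuite`.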
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 8ba5eaa..156e696 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -277,9 +277,9 @@ HttpSM::HttpSM()
client_request_hdr_bytes(0), client_request_body_bytes(0), server_request_hdr_bytes(0), server_request_body_bytes(0),
server_response_hdr_bytes(0), server_response_body_bytes(0), client_response_hdr_bytes(0), client_response_body_bytes(0),
cache_response_hdr_bytes(0), cache_response_body_bytes(0), pushed_response_hdr_bytes(0), pushed_response_body_bytes(0),
- client_tcp_reused(false), client_ssl_reused(false), client_connection_is_ssl(false), plugin_tag(0), plugin_id(0),
- hooks_set(false), cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT),
- terminate_sm(false), kill_this_async_done(false), parse_range_done(false)
+ client_tcp_reused(false), client_ssl_reused(false), client_connection_is_ssl(false), client_sec_protocol("-"),
+ client_cipher_suite("-"), plugin_tag(0), plugin_id(0), hooks_set(false), cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL),
+ cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false), kill_this_async_done(false), parse_range_done(false)
{
memset(&history, 0, sizeof(history));
memset(&vc_table, 0, sizeof(vc_table));
@@ -481,6 +481,8 @@ HttpSM::attach_client_session(HttpClientSession *client_vc, IOBufferReader *buff
if (ssl_vc != NULL) {
client_connection_is_ssl = true;
client_ssl_reused = ssl_vc->getSSLSessionCacheHit();
+ client_sec_protocol = ssl_vc->getSSLProtocol();
+ client_cipher_suite = ssl_vc->getSSLCipherSuite();
}
ink_release_assert(ua_session->get_half_close_flag() == false);
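Review bot: These two assignments can overwrite the `"-"` default set in the constructor with NULL, because `getSSLProtocol()` and `getSSLCipherSuite()` (added in P_SSLNetVConnection.h in this commit) return NULL when the connection has no SSL object. Whether the log marshalling path tolerates a NULL string is not visible in this diff, so I would keep the placeholder at the point of capture: `const char *proto = ssl_vc->getSSLProtocol();` `client_sec_protocol = proto ? proto : "-";` and the same for the cipher suite. The values are also read once at attach time, so if the session parameters can change later on the same connection the logged cipher would presumably be the one seen here, which deserves a comment. attach_client_session starts and ends outside the hunk.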
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/http/HttpSM.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 38e7bac..605341d 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -494,8 +494,12 @@ public:
int pushed_response_hdr_bytes;
int64_t pushed_response_body_bytes;
bool client_tcp_reused;
+ // Info about client's SSL connection.
bool client_ssl_reused;
bool client_connection_is_ssl;
+ const char *client_sec_protocol;
+ const char *client_cipher_suite;
+
TransactionMilestones milestones;
ink_hrtime api_timer;
// The next two enable plugins to tag the state machine for
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/logging/Log.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc
index 4f919e7..598ec6b 100644
--- a/proxy/logging/Log.cc
+++ b/proxy/logging/Log.cc
@@ -488,6 +488,16 @@ Log::init_fields()
global_field_list.add(field, false);
ink_hash_table_insert(field_symbol_hash, "cqssr", field);
+ field = new LogField("client_sec_protocol", "cqssv", LogField::STRING, &LogAccess::marshal_client_security_protocol,
+ (LogField::UnmarshalFunc) & LogAccess::unmarshal_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqssv", field);
+
+ field = new LogField("client_cipher_suite", "cqssc", LogField::STRING, &LogAccess::marshal_client_security_cipher_suite,
+ (LogField::UnmarshalFunc) & LogAccess::unmarshal_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqssc", field);
+
Ptr<LogFieldAliasTable> finish_status_map = make_ptr(new LogFieldAliasTable);
finish_status_map->init(N_LOG_FINISH_CODE_TYPES, LOG_FINISH_FIN, "FIN", LOG_FINISH_INTR, "INTR", LOG_FINISH_TIMEOUT, "TIMEOUT");
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/logging/LogAccess.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc
index 56b42bd..8264c47 100644
--- a/proxy/logging/LogAccess.cc
+++ b/proxy/logging/LogAccess.cc
@@ -274,6 +274,20 @@ LogAccess::marshal_client_req_ssl_reused(char *buf)
}
/*-------------------------------------------------------------------------
+-------------------------------------------------------------------------*/
+int
+LogAccess::marshal_client_security_protocol(char *buf)
+{
+ DEFAULT_STR_FIELD;
+}
+
+int
+LogAccess::marshal_client_security_cipher_suite(char *buf)
+{
+ DEFAULT_STR_FIELD;
+}
+
+/*-------------------------------------------------------------------------
-------------------------------------------------------------------------*/
int
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/logging/LogAccess.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.h b/proxy/logging/LogAccess.h
index 03a91bc..45459c6 100644
--- a/proxy/logging/LogAccess.h
+++ b/proxy/logging/LogAccess.h
@@ -193,6 +193,8 @@ public:
inkcoreapi virtual int marshal_client_req_is_ssl(char *); // INT
inkcoreapi virtual int marshal_client_req_ssl_reused(char *); // INT
inkcoreapi virtual int marshal_client_finish_status_code(char *); // INT
+ inkcoreapi virtual int marshal_client_security_protocol(char *); // STR
+ inkcoreapi virtual int marshal_client_security_cipher_suite(char *); // STR
//
// proxy -> client fields
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/logging/LogAccessHttp.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.cc b/proxy/logging/LogAccessHttp.cc
index ec0cc7f..ba8b7de 100644
--- a/proxy/logging/LogAccessHttp.cc
+++ b/proxy/logging/LogAccessHttp.cc
@@ -707,6 +707,32 @@ LogAccessHttp::marshal_client_finish_status_code(char *buf)
}
/*-------------------------------------------------------------------------
+-------------------------------------------------------------------------*/
+int
+LogAccessHttp::marshal_client_security_protocol(char *buf)
+{
+ int round_len = INK_MIN_ALIGN;
+ if (buf) {
+ const char *proto = m_http_sm->client_sec_protocol;
+ round_len = LogAccess::strlen(proto);
+ marshal_str(buf, proto, round_len);
+ }
+ return round_len;
+}
+
+int
+LogAccessHttp::marshal_client_security_cipher_suite(char *buf)
+{
+ int round_len = INK_MIN_ALIGN;
+ if (buf) {
+ const char *cipher = m_http_sm->client_cipher_suite;
+ round_len = LogAccess::strlen(cipher);
+ marshal_str(buf, cipher, round_len);
+ }
+ return round_len;
+}
+
+/*-------------------------------------------------------------------------
-------------------------------------------------------------------------*/
int
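Review bot: In both `marshal_client_security_protocol` and `marshal_client_security_cipher_suite` the string length is computed only inside `if (buf)`, so a call with a NULL buffer returns `INK_MIN_ALIGN` whatever the real string is. If the logging code uses a NULL-buffer call to size the record before marshalling, as the `if (buf)` guard suggests, a cipher name longer than that minimum would later be marshalled into space reserved for the smaller value and could write past the reserved region of the log buffer. Compute the length unconditionally and guard only the copy: `const char *cipher = m_http_sm->client_cipher_suite;` `int round_len = LogAccess::strlen(cipher);` `if (buf) marshal_str(buf, cipher, round_len);`, and likewise for the protocol field.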
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b597f9cf/proxy/logging/LogAccessHttp.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.h b/proxy/logging/LogAccessHttp.h
index 7e7927d..20a4ea6 100644
--- a/proxy/logging/LogAccessHttp.h
+++ b/proxy/logging/LogAccessHttp.h
@@ -76,6 +76,8 @@ public:
virtual int marshal_client_req_is_ssl(char *); // INT
virtual int marshal_client_req_ssl_reused(char *); // INT
virtual int marshal_client_finish_status_code(char *); // INT
+ virtual int marshal_client_security_protocol(char *); // STR
+ virtual int marshal_client_security_cipher_suite(char *); // STR
//
// proxy -> client fields