kore/src/accesslog.c

/*
 * Copyright (c) 2013-2018 Joris Vink <joris@coders.se>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/socket.h>

#include <poll.h>
#include <time.h>

#include "kore.h"
#include "http.h"

struct kore_log_packet {
	u_int8_t	method;
	int		status;
	size_t		length;
	u_int8_t	addrtype;
	u_int8_t	addr[sizeof(struct in6_addr)];
	char		host[KORE_DOMAINNAME_LEN];
	char		path[HTTP_URI_LEN];
	char		agent[HTTP_USERAGENT_LEN];
	char		referer[HTTP_REFERER_LEN];
#if !defined(KORE_NO_TLS)
	char		cn[X509_CN_LENGTH];
#endif
};

void
kore_accesslog_init(void)
{
}

void
kore_accesslog_worker_init(void)
{
	kore_domain_closelogs();
}

int
kore_accesslog_write(const void *data, u_int32_t len)
{
	int			l;
	time_t			now;
	struct tm		*tm;
	ssize_t			sent;
	struct kore_domain	*dom;
	struct kore_log_packet	logpacket;
	char			*method, *buf, *cn;
	char			addr[INET6_ADDRSTRLEN], tbuf[128];

	if (len != sizeof(struct kore_log_packet))
		return (KORE_RESULT_ERROR);

	(void)memcpy(&logpacket, data, sizeof(logpacket));

	if ((dom = kore_domain_lookup(logpacket.host)) == NULL) {
		kore_log(LOG_WARNING,
		    "got accesslog packet for unknown domain: %s",
		    logpacket.host);
		return (KORE_RESULT_OK);
	}

	switch (logpacket.method) {
	case HTTP_METHOD_GET:
		method = "GET";
		break;
	case HTTP_METHOD_POST:
		method = "POST";
		break;
	case HTTP_METHOD_PUT:
		method = "PUT";
		break;
	case HTTP_METHOD_DELETE:
		method = "DELETE";
		break;
	case HTTP_METHOD_HEAD:
		method = "HEAD";
		break;
	case HTTP_METHOD_PATCH:
		method = "PATCH";
		break;
	default:
		method = "UNKNOWN";
		break;
	}

	cn = "-";
#if !defined(KORE_NO_TLS)
	if (logpacket.cn[0] != '\0')
		cn = logpacket.cn;
#endif

	if (inet_ntop(logpacket.addrtype, &(logpacket.addr),
	    addr, sizeof(addr)) == NULL)
		(void)kore_strlcpy(addr, "-", sizeof(addr));

	time(&now);
	tm = localtime(&now);
	(void)strftime(tbuf, sizeof(tbuf), "%d/%b/%Y:%H:%M:%S %z", tm);

	l = asprintf(&buf,
	    "%s - %s [%s] \"%s %s HTTP/1.1\" %d %zu \"%s\" \"%s\"\n",
	    addr, cn, tbuf, method, logpacket.path, logpacket.status,
	    logpacket.length, logpacket.referer, logpacket.agent);
	if (l == -1) {
		kore_log(LOG_WARNING,
		    "kore_accesslog_write(): asprintf(): %s", errno_s);
		return (KORE_RESULT_ERROR);
	}

	sent = write(dom->accesslog, buf, l);
	if (sent == -1) {
		free(buf);
		kore_log(LOG_WARNING,
		    "kore_accesslog_write(): write(): %s", errno_s);
		return (KORE_RESULT_ERROR);
	}

	if (sent != l)
		kore_log(LOG_WARNING, "kore_accesslog_write(): short write");

	free(buf);
	return (KORE_RESULT_OK);
}

void
kore_accesslog(struct http_request *req)
{
	struct kore_log_packet	logpacket;

	logpacket.addrtype = req->owner->addrtype;
	if (logpacket.addrtype == AF_INET) {
		memcpy(logpacket.addr,
		    &(req->owner->addr.ipv4.sin_addr),
		    sizeof(req->owner->addr.ipv4.sin_addr));
	} else {
		memcpy(logpacket.addr,
		    &(req->owner->addr.ipv6.sin6_addr),
		    sizeof(req->owner->addr.ipv6.sin6_addr));
	}

	logpacket.status = req->status;
	logpacket.method = req->method;
	logpacket.length = req->content_length;

	if (kore_strlcpy(logpacket.host,
	    req->host, sizeof(logpacket.host)) >= sizeof(logpacket.host))
		kore_log(LOG_NOTICE, "kore_accesslog: host truncated");

	if (kore_strlcpy(logpacket.path,
	    req->path, sizeof(logpacket.path)) >= sizeof(logpacket.path))
		kore_log(LOG_NOTICE, "kore_accesslog: path truncated");

	if (req->agent != NULL) {
		if (kore_strlcpy(logpacket.agent, req->agent,
		    sizeof(logpacket.agent)) >= sizeof(logpacket.agent))
			kore_log(LOG_NOTICE, "kore_accesslog: agent truncated");
	} else {
		(void)kore_strlcpy(logpacket.agent, "-",
		    sizeof(logpacket.agent));
	}

	if (req->referer != NULL) {
		if (kore_strlcpy(logpacket.referer, req->referer,
		    sizeof(logpacket.referer)) >= sizeof(logpacket.referer)) {
			kore_log(LOG_NOTICE,
			    "kore_accesslog: referer truncated");
		}
	} else {
		(void)kore_strlcpy(logpacket.referer, "-",
		    sizeof(logpacket.referer));
	}

#if !defined(KORE_NO_TLS)
	memset(logpacket.cn, '\0', sizeof(logpacket.cn));
	if (req->owner->cert != NULL) {
		if (X509_GET_CN(req->owner->cert,
		    logpacket.cn, sizeof(logpacket.cn)) == -1) {
			kore_log(LOG_WARNING, "client cert without a CN?");
		}
	}
#endif

	kore_msg_send(KORE_MSG_PARENT,
	    KORE_MSG_ACCESSLOG, &logpacket, sizeof(logpacket));
}
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`/*`
2018 2018-01-20 22:51:06 +01:00			`* Copyright (c) 2013-2018 Joris Vink <joris@coders.se>`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*/`

			`#include <sys/socket.h>`

			`#include <poll.h>`
correct headers. 2016-01-07 09:24:45 +01:00			`#include <time.h>`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00
			`#include "kore.h"`
			`#include "http.h"`

			`struct kore_log_packet {`
			`u_int8_t method;`
			`int status;`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`size_t length;`
add IPv6 support and support for multiple listeners. 2013-07-27 20:56:15 +02:00			`u_int8_t addrtype;`
			`u_int8_t addr[sizeof(struct in6_addr)];`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`char host[KORE_DOMAINNAME_LEN];`
			`char path[HTTP_URI_LEN];`
			`char agent[HTTP_USERAGENT_LEN];`
log referer in accesslog if present. 2018-06-29 22:37:48 +02:00			`char referer[HTTP_REFERER_LEN];`
Reduce memory footprint for NOTLS builds. 2016-01-07 09:20:09 +01:00			`#if !defined(KORE_NO_TLS)`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`char cn[X509_CN_LENGTH];`
Reduce memory footprint for NOTLS builds. 2016-01-07 09:20:09 +01:00			`#endif`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`};`

			`void`
			`kore_accesslog_init(void)`
			`{`
			`}`

			`void`
			`kore_accesslog_worker_init(void)`
			`{`
add SNI support, and change domain configuration a bit. 2013-06-24 11:32:45 +02:00			`kore_domain_closelogs();`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`}`

			`int`
Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`kore_accesslog_write(const void *data, u_int32_t len)`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`{`
Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`int l;`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`time_t now;`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`struct tm *tm;`
Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`ssize_t sent;`
add SNI support, and change domain configuration a bit. 2013-06-24 11:32:45 +02:00			`struct kore_domain *dom;`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`struct kore_log_packet logpacket;`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`char method, buf, *cn;`
			`char addr[INET6_ADDRSTRLEN], tbuf[128];`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00
Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`if (len != sizeof(struct kore_log_packet))`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`return (KORE_RESULT_ERROR);`

Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`(void)memcpy(&logpacket, data, sizeof(logpacket));`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00
add SNI support, and change domain configuration a bit. 2013-06-24 11:32:45 +02:00			`if ((dom = kore_domain_lookup(logpacket.host)) == NULL) {`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`kore_log(LOG_WARNING,`
			`"got accesslog packet for unknown domain: %s",`
			`logpacket.host);`
			`return (KORE_RESULT_OK);`
			`}`

Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`switch (logpacket.method) {`
			`case HTTP_METHOD_GET:`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`method = "GET";`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`break;`
			`case HTTP_METHOD_POST:`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`method = "POST";`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`break;`
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough. 2014-10-08 11:03:14 +02:00			`case HTTP_METHOD_PUT:`
			`method = "PUT";`
			`break;`
			`case HTTP_METHOD_DELETE:`
			`method = "DELETE";`
			`break;`
			`case HTTP_METHOD_HEAD:`
			`method = "HEAD";`
			`break;`
Add patch support (#217) Add PATCH to supported verbs in config and what not. 2018-01-02 22:27:59 +01:00			`case HTTP_METHOD_PATCH:`
			`method = "PATCH";`
			`break;`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`default:`
			`method = "UNKNOWN";`
			`break;`
			`}`

Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`cn = "-";`
Reduce memory footprint for NOTLS builds. 2016-01-07 09:20:09 +01:00			`#if !defined(KORE_NO_TLS)`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`if (logpacket.cn[0] != '\0')`
			`cn = logpacket.cn;`
Reduce memory footprint for NOTLS builds. 2016-01-07 09:20:09 +01:00			`#endif`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00
add IPv6 support and support for multiple listeners. 2013-07-27 20:56:15 +02:00			`if (inet_ntop(logpacket.addrtype, &(logpacket.addr),`
			`addr, sizeof(addr)) == NULL)`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`(void)kore_strlcpy(addr, "-", sizeof(addr));`
add IPv6 support and support for multiple listeners. 2013-07-27 20:56:15 +02:00
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`time(&now);`
use server time. 2018-06-28 14:52:49 +02:00			`tm = localtime(&now);`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`(void)strftime(tbuf, sizeof(tbuf), "%d/%b/%Y:%H:%M:%S %z", tm);`

			`l = asprintf(&buf,`
log referer in accesslog if present. 2018-06-29 22:37:48 +02:00			`"%s - %s [%s] \"%s %s HTTP/1.1\" %d %zu \"%s\" \"%s\"\n",`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`addr, cn, tbuf, method, logpacket.path, logpacket.status,`
log referer in accesslog if present. 2018-06-29 22:37:48 +02:00			`logpacket.length, logpacket.referer, logpacket.agent);`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`if (l == -1) {`
			`kore_log(LOG_WARNING,`
better error log message 2018-06-28 14:53:43 +02:00			`"kore_accesslog_write(): asprintf(): %s", errno_s);`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`return (KORE_RESULT_ERROR);`
			`}`

Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`sent = write(dom->accesslog, buf, l);`
			`if (sent == -1) {`
Fix use after free 2014-04-09 14:35:14 +02:00			`free(buf);`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`kore_log(LOG_WARNING,`
Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`"kore_accesslog_write(): write(): %s", errno_s);`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`return (KORE_RESULT_ERROR);`
			`}`

Improvements to our message framework. Change the callback prototypes to: void callback(struct kore_msg msg, const void data); This allows the callbacks to receive the full kore_msg data structure as sent over the wire (including length and id). Useful for future additions to the kore_msg structure (such as worker origin). Several other improvements: * Accesslog now uses the msg framework as well. * Websocket WEBSOCKET_BROADCAST_GLOBAL now works. Small websocket improvement in this commit: * Build the frame to be sent only once when broadcasting instead of per connection we are broadcasting towards. 2015-06-23 18:17:14 +02:00			`if (sent != l)`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`kore_log(LOG_WARNING, "kore_accesslog_write(): short write");`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00
Fix use after free 2014-04-09 14:35:14 +02:00			`free(buf);`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`return (KORE_RESULT_OK);`
			`}`

			`void`
			`kore_accesslog(struct http_request *req)`
			`{`
			`struct kore_log_packet logpacket;`

add IPv6 support and support for multiple listeners. 2013-07-27 20:56:15 +02:00			`logpacket.addrtype = req->owner->addrtype;`
			`if (logpacket.addrtype == AF_INET) {`
			`memcpy(logpacket.addr,`
			`&(req->owner->addr.ipv4.sin_addr),`
			`sizeof(req->owner->addr.ipv4.sin_addr));`
			`} else {`
			`memcpy(logpacket.addr,`
			`&(req->owner->addr.ipv6.sin6_addr),`
			`sizeof(req->owner->addr.ipv6.sin6_addr));`
			`}`

Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`logpacket.status = req->status;`
			`logpacket.method = req->method;`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`logpacket.length = req->content_length;`
Improve kore_strlcpy(). Make it return the original length of the input string so the caller can check for truncation. Also guard against len being 0 as this would not do anything with the destination string (not even NUL terminate it). 2016-07-04 11:41:37 +02:00
			`if (kore_strlcpy(logpacket.host,`
			`req->host, sizeof(logpacket.host)) >= sizeof(logpacket.host))`
			`kore_log(LOG_NOTICE, "kore_accesslog: host truncated");`

			`if (kore_strlcpy(logpacket.path,`
			`req->path, sizeof(logpacket.path)) >= sizeof(logpacket.path))`
			`kore_log(LOG_NOTICE, "kore_accesslog: path truncated");`
do not attempt to log the user-agent if it's not available. 2013-07-05 22:03:05 +02:00
			`if (req->agent != NULL) {`
Improve kore_strlcpy(). Make it return the original length of the input string so the caller can check for truncation. Also guard against len being 0 as this would not do anything with the destination string (not even NUL terminate it). 2016-07-04 11:41:37 +02:00			`if (kore_strlcpy(logpacket.agent, req->agent,`
			`sizeof(logpacket.agent)) >= sizeof(logpacket.agent))`
			`kore_log(LOG_NOTICE, "kore_accesslog: agent truncated");`
do not attempt to log the user-agent if it's not available. 2013-07-05 22:03:05 +02:00			`} else {`
Change accesslog format to Combined Log Format. 2018-06-28 14:25:32 +02:00			`(void)kore_strlcpy(logpacket.agent, "-",`
do not attempt to log the user-agent if it's not available. 2013-07-05 22:03:05 +02:00			`sizeof(logpacket.agent));`
			`}`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00
log referer in accesslog if present. 2018-06-29 22:37:48 +02:00			`if (req->referer != NULL) {`
			`if (kore_strlcpy(logpacket.referer, req->referer,`
			`sizeof(logpacket.referer)) >= sizeof(logpacket.referer)) {`
			`kore_log(LOG_NOTICE,`
			`"kore_accesslog: referer truncated");`
			`}`
			`} else {`
			`(void)kore_strlcpy(logpacket.referer, "-",`
			`sizeof(logpacket.referer));`
			`}`

Call it NOTLS instead. Per @jorisvink's feedback. 2015-05-25 15:42:34 +02:00			`#if !defined(KORE_NO_TLS)`
Reduce memory footprint for NOTLS builds. 2016-01-07 09:20:09 +01:00			`memset(logpacket.cn, '\0', sizeof(logpacket.cn));`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00			`if (req->owner->cert != NULL) {`
			`if (X509_GET_CN(req->owner->cert,`
			`logpacket.cn, sizeof(logpacket.cn)) == -1) {`
			`kore_log(LOG_WARNING, "client cert without a CN?");`
			`}`
			`}`
Add a BENCHMARK compile option which compiles without OpenSSL. Personally use this for testing Kore its performance without letting the OpenSSL stack get in the way too much. Note that it leaves data structures as is, and just removes any calls to OpenSSL (and removes the linking vs OpenSSL). 2014-08-01 10:22:32 +02:00			`#endif`
Improvements for client certificates. Double check we actually get a certificate if we are asking for one. Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do. Start logging the CN for the received client certificate in the access logs. As a bonus re-arrange some accesslog stuff for sanity. 2014-03-05 11:38:47 +01:00
Update message framework with src/dst for workers. One can now send messages to specific workers and receiving workers can see the origin of the messages. 2015-07-06 21:08:36 +02:00			`kore_msg_send(KORE_MSG_PARENT,`
			`KORE_MSG_ACCESSLOG, &logpacket, sizeof(logpacket));`
Add access logging to Kore. 2013-06-24 09:36:40 +02:00			`}`