From 938f692c486c60631762236ab2041001ad445494 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Sun, 13 Oct 2019 18:08:28 +0100 Subject: [PATCH] adopt: improve logging of server adopt fail This is usually something that either couldn't negotate tls at all or compatible tls parameters. Log the vhost it came in on and the IP. --- include/libwebsockets/lws-network-helper.h | 3 ++ lib/core-net/adopt.c | 10 +++++ lib/core-net/network.c | 49 ++++++++-------------- lib/core-net/private-lib-core-net.h | 4 ++ lib/roles/http/server/access-log.c | 17 +++----- lib/roles/listen/ops-listen.c | 5 ++- 6 files changed, 44 insertions(+), 44 deletions(-) diff --git a/include/libwebsockets/lws-network-helper.h b/include/libwebsockets/lws-network-helper.h index 8a43031f8..c023c62e2 100644 --- a/include/libwebsockets/lws-network-helper.h +++ b/include/libwebsockets/lws-network-helper.h @@ -79,6 +79,9 @@ lws_get_peer_addresses(struct lws *wsi, lws_sockfd_type fd, char *name, LWS_VISIBLE LWS_EXTERN const char * lws_get_peer_simple(struct lws *wsi, char *name, int namelen); +LWS_VISIBLE LWS_EXTERN const char * +lws_get_peer_simple_fd(int fd, char *name, int namelen); + #define LWS_ITOSA_USABLE 0 #define LWS_ITOSA_NOT_EXIST -1 #define LWS_ITOSA_NOT_USABLE -2 diff --git a/lib/core-net/adopt.c b/lib/core-net/adopt.c index 538a58b9f..2a7468d18 100644 --- a/lib/core-net/adopt.c +++ b/lib/core-net/adopt.c @@ -260,7 +260,12 @@ lws_adopt_descriptor_vhost2(struct lws *new_wsi, lws_adoption_type type, #if defined(LWS_WITH_SERVER) else if (lws_server_socket_service_ssl(new_wsi, fd.sockfd)) { +#if defined(LWS_WITH_ACCESS_LOG) + lwsl_notice("%s: fail ssl negotiation: %s\n", __func__, + new_wsi->simple_ip); +#else lwsl_info("%s: fail ssl negotiation\n", __func__); +#endif goto fail; } #endif @@ -333,6 +338,11 @@ lws_adopt_descriptor_vhost(struct lws_vhost *vh, lws_adoption_type type, return NULL; } +#if defined(LWS_WITH_ACCESS_LOG) + lws_get_peer_simple_fd(fd.sockfd, new_wsi->simple_ip, + sizeof(new_wsi->simple_ip)); +#endif + #if defined(LWS_WITH_PEER_LIMITS) if (peer) lws_peer_add_wsi(vh->context, peer, new_wsi); diff --git a/lib/core-net/network.c b/lib/core-net/network.c index 91a988660..180297297 100644 --- a/lib/core-net/network.c +++ b/lib/core-net/network.c @@ -111,41 +111,28 @@ lws_get_addresses(struct lws_vhost *vh, void *ads, char *name, return 0; } +const char * +lws_get_peer_simple_fd(int fd, char *name, int namelen) +{ + lws_sockaddr46 sa46; + socklen_t len = sizeof(sa46); -LWS_VISIBLE const char * + if (getpeername(fd, (struct sockaddr *)&sa46, &len) < 0) { + lws_snprintf(name, namelen, "getpeername: %s", + strerror(LWS_ERRNO)); + return name; + } + + lws_sa46_write_numeric_address(&sa46, name, namelen); + + return name; +} + +const char * lws_get_peer_simple(struct lws *wsi, char *name, int namelen) { - socklen_t len, olen; -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 sin6; -#endif - struct sockaddr_in sin4; - int af = AF_INET; - void *p, *q; - wsi = lws_get_network_wsi(wsi); - -#ifdef LWS_WITH_IPV6 - if (LWS_IPV6_ENABLED(wsi->vhost)) { - len = sizeof(sin6); - p = &sin6; - af = AF_INET6; - q = &sin6.sin6_addr; - } else -#endif - { - len = sizeof(sin4); - p = &sin4; - q = &sin4.sin_addr; - } - - olen = len; - if (getpeername(wsi->desc.sockfd, p, &len) < 0 || len > olen) { - lwsl_warn("getpeername: %s\n", strerror(LWS_ERRNO)); - return NULL; - } - - return lws_plat_inet_ntop(af, q, name, namelen); + return lws_get_peer_simple_fd(wsi->desc.sockfd, name, namelen); } #endif diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h index bd3656855..4dc8ec644 100644 --- a/lib/core-net/private-lib-core-net.h +++ b/lib/core-net/private-lib-core-net.h @@ -626,6 +626,10 @@ struct lws { struct lws_dll2_owner dll2_cli_txn_queue_owner; struct lws_dll2 dll2_cli_txn_queue; #endif + +#if defined(LWS_WITH_ACCESS_LOG) + char simple_ip[(8 * 5)]; +#endif /* pointers */ struct lws_context *context; diff --git a/lib/roles/http/server/access-log.c b/lib/roles/http/server/access-log.c index c76e6564e..f59dbaabf 100644 --- a/lib/roles/http/server/access-log.c +++ b/lib/roles/http/server/access-log.c @@ -44,14 +44,10 @@ void lws_prepare_access_log_info(struct lws *wsi, char *uri_ptr, int uri_len, int meth) { char da[64], uri[256]; - const char *pa, *me; time_t t = time(NULL); + struct lws *nwsi; + const char *me; int l = 256, m; -#ifdef LWS_WITH_IPV6 - char ads[INET6_ADDRSTRLEN]; -#else - char ads[INET_ADDRSTRLEN]; -#endif struct tm *tmp; if (!wsi->vhost) @@ -74,10 +70,6 @@ lws_prepare_access_log_info(struct lws *wsi, char *uri_ptr, int uri_len, int met else strcpy(da, "01/Jan/1970:00:00:00 +0000"); - pa = lws_get_peer_simple(wsi, ads, sizeof(ads)); - if (!pa) - pa = "(unknown)"; - if (wsi->http2_substream) me = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD); else @@ -92,9 +84,12 @@ lws_prepare_access_log_info(struct lws *wsi, char *uri_ptr, int uri_len, int met strncpy(uri, uri_ptr, m); uri[m] = '\0'; + nwsi = lws_get_network_wsi(wsi); + lws_snprintf(wsi->http.access_log.header_log, l, "%s - - [%s] \"%s %s %s\"", - pa, da, me, uri, hver[wsi->http.request_version]); + nwsi->simple_ip[0] ? nwsi->simple_ip : "unknown", da, me, uri, + hver[wsi->http.request_version]); //lwsl_notice("%s\n", wsi->http.access_log.header_log); diff --git a/lib/roles/listen/ops-listen.c b/lib/roles/listen/ops-listen.c index cc1fa519f..4e16540c8 100644 --- a/lib/roles/listen/ops-listen.c +++ b/lib/roles/listen/ops-listen.c @@ -143,8 +143,9 @@ rops_handle_POLLIN_listen(struct lws_context_per_thread *pt, struct lws *wsi, cwsi = lws_adopt_descriptor_vhost(wsi->vhost, opts, fd, NULL, NULL); if (!cwsi) { - lwsl_err("%s: lws_adopt_descriptor_vhost failed\n", - __func__); + lwsl_info("%s: vh %s: adopt failed\n", __func__, + wsi->vhost->name); + /* already closed cleanly as necessary */ return LWS_HPI_RET_WSI_ALREADY_DIED; }