Make local procinfo run-time optional (-i) and use src host:port

10 years ago · 150650c7e9
parent 42497693d1
commit 150650c7e9
4 changed files with 75 additions and 41 deletions
--- a/main.c
+++ b/main.c
@ -35,6 +35,7 @@
 #include "proxy.h"
 #include "ssl.h"
 #include "nat.h"
+#include "proc.h"
 #include "cachemgr.h"
 #include "sys.h"
 #include "log.h"
@ -144,12 +145,21 @@ main_usage(void)
 "              %%T - initial connection time as an ISO 8601 UTC timestamp\n"
 "              %%d - dest address:port\n"
 "              %%s - source address:port\n"
-"              %%x - base name of local process (skipped if unavailable)\n"
-"              %%X - full path to local process (skipped if unavailable)\n"
-"              %%u - user name or id of local process (skipped if unavailable)\n"
-"              %%g - group name or id of local process (skipped if unavailable)\n"
+#ifdef HAVE_LOCAL_PROCINFO
+"              %%x - base name of local process        (requires -i)\n"
+"              %%X - full path to local process        (requires -i)\n"
+"              %%u - user name or id of local process  (requires -i)\n"
+"              %%g - group name or id of local process (requires -i)\n"
+#endif /* HAVE_LOCAL_PROCINFO */
 "              %%%% - literal '%%'\n"
-"      e.g.    \"/var/log/sslsplit/%%X/%%u-%%s-%%d-%%T\"\n"
+#ifdef HAVE_LOCAL_PROCINFO
+"      e.g.    \"/var/log/sslsplit/%%X/%%u-%%s-%%d-%%T.log\"\n"
+"  -i          look up local process owning each connection for logging\n"
+#define OPT_i "i"
+#else /* !HAVE_LOCAL_PROCINFO */
+"      e.g.    \"/var/log/sslsplit/%%T-%%s-%%d.log\"\n"
+#define OPT_i 
+#endif /* HAVE_LOCAL_PROCINFO */
 "  -d          daemon mode: run in background, log error messages to syslog\n"
 "  -D          debug mode: run in foreground, log debug messages on stderr\n"
 "  -V          print version information and exit\n"
@ -258,7 +268,7 @@ main(int argc, char *argv[])
 		natengine = NULL;
 	}

-	while ((ch = getopt(argc, argv, OPT_g OPT_G OPT_Z
+	while ((ch = getopt(argc, argv, OPT_g OPT_G OPT_Z OPT_i
 	                    "k:c:C:K:t:OPs:r:R:e:Eu:m:j:p:l:L:S:F:dDVh")) != -1) {
 		switch (ch) {
 			case 'c':
@ -503,6 +513,11 @@ main(int argc, char *argv[])
 				opts->contentlogdir = 0;
 				opts->contentlogspec = 1;
 				break;
+#ifdef HAVE_LOCAL_PROCINFO
+			case 'i':
+				opts->lprocinfo = 1;
+				break;
+#endif /* HAVE_LOCAL_PROCINFO */
 			case 'd':
 				opts->detach = 1;
 				break;
--- a/opts.h
+++ b/opts.h
@ -29,6 +29,7 @@
 #ifndef OPTS_H
 #define OPTS_H

+#include "proc.h"
 #include "nat.h"
 #include "ssl.h"
 #include "attrib.h"
@ -76,6 +77,9 @@ typedef struct opts {
 	unsigned int deny_ocsp : 1;
 	unsigned int contentlogdir : 1;
 	unsigned int contentlogspec : 1;
+#ifdef HAVE_LOCAL_PROCINFO
+	unsigned int lprocinfo : 1;
+#endif /* HAVE_LOCAL_PROCINFO */
 	char *ciphers;
 	char *tgcrtdir;
 	char *dropuser;
--- a/proc.c
+++ b/proc.c
@ -49,8 +49,8 @@

 #ifdef HAVE_DARWIN_LIBPROC
 int
-proc_pid_for_addr(pid_t *result, struct sockaddr *dst_addr,
-                  UNUSED socklen_t dst_addrlen)
+proc_pid_for_addr(pid_t *result, struct sockaddr *src_addr,
+                  UNUSED socklen_t src_addrlen)
 {
 	pid_t *pids = NULL;
 	struct proc_fdinfo *fds = NULL;
@ -109,25 +109,25 @@ proc_pid_for_addr(pid_t *result, struct sockaddr *dst_addr,
 				continue;
 			}

-			uint16_t sock_fport = sinfo.psi.soi_proto.pri_tcp.tcpsi_ini.insi_fport;
+			uint16_t sock_lport = sinfo.psi.soi_proto.pri_tcp.tcpsi_ini.insi_lport;
 			if (sinfo.psi.soi_family == AF_INET &&
-			    dst_addr->sa_family == AF_INET) {
-				struct sockaddr_in *dst_sai = (struct sockaddr_in *)dst_addr;
-				if (dst_sai->sin_addr.s_addr != sinfo.psi.soi_proto.pri_tcp.tcpsi_ini.insi_faddr.ina_46.i46a_addr4.s_addr) {
+			    src_addr->sa_family == AF_INET) {
+				struct sockaddr_in *src_sai = (struct sockaddr_in *)src_addr;
+				if (src_sai->sin_addr.s_addr != sinfo.psi.soi_proto.pri_tcp.tcpsi_ini.insi_laddr.ina_46.i46a_addr4.s_addr) {
 					continue;
 				}

-				if (dst_sai->sin_port != sock_fport) {
+				if (src_sai->sin_port != sock_lport) {
 					continue;
 				}
 			} else if (sinfo.psi.soi_family == AF_INET6 &&
-			           dst_addr->sa_family == AF_INET6) {
-				struct sockaddr_in6 *dst_sai = (struct sockaddr_in6 *)dst_addr;
-				if (memcmp(dst_sai->sin6_addr.s6_addr,  sinfo.psi.soi_proto.pri_tcp.tcpsi_ini.insi_faddr.ina_6.s6_addr, 16) != 0) {
+			           src_addr->sa_family == AF_INET6) {
+				struct sockaddr_in6 *src_sai = (struct sockaddr_in6 *)src_addr;
+				if (memcmp(src_sai->sin6_addr.s6_addr,  sinfo.psi.soi_proto.pri_tcp.tcpsi_ini.insi_laddr.ina_6.s6_addr, 16) != 0) {
 					continue;
 				}

-				if (dst_sai->sin6_port != sock_fport) {
+				if (src_sai->sin6_port != sock_lport) {
 					continue;
 				}
 			}
@ -147,8 +147,8 @@ errout1:
 }
 #else /* !HAVE_DARWIN_LIBPROC */
 int
-proc_pid_for_addr(pid_t *result, UNUSED struct sockaddr *dst_addr,
-                    UNUSED socklen_t dst_addrlen) {
+proc_pid_for_addr(pid_t *result, UNUSED struct sockaddr *src_addr,
+                    UNUSED socklen_t src_addrlen) {
 	*result = -1;
 	return 0;
 }
--- a/pxyconn.c
+++ b/pxyconn.c
@ -97,6 +97,9 @@ typedef struct pxy_conn_desc {
 #ifdef HAVE_LOCAL_PROCINFO
 /* local process data - filled in iff pid != -1 */
 typedef struct pxy_conn_lproc_desc {
+	struct sockaddr_storage srcaddr;
+	socklen_t srcaddrlen;
+
 	pid_t pid;
 	uid_t uid;
 	gid_t gid;
@ -1591,30 +1594,36 @@ pxy_bev_eventcb(struct bufferevent *bev, short events, void *arg)
 				pxy_conn_terminate_free(ctx);
 				return;
 			}
+
 #ifdef HAVE_LOCAL_PROCINFO
-			/* fetch process info */
-			if (proc_pid_for_addr(&ctx->lproc.pid,
-			                      (struct sockaddr*)&ctx->addr,
-			                      ctx->addrlen) == 0 &&
-			    ctx->lproc.pid != -1 &&
-			    proc_get_info(ctx->lproc.pid,
-			                  &ctx->lproc.exec_path,
-			                  &ctx->lproc.uid,
-			                  &ctx->lproc.gid) == 0) {
-				/* fetch user/group names */
-				ctx->lproc.user = sys_user_str(ctx->lproc.uid);
-				ctx->lproc.group = sys_group_str(ctx->lproc.gid);
-				if (!ctx->lproc.user || !ctx->lproc.group) {
-					ctx->enomem = 1;
-					pxy_conn_terminate_free(ctx);
-					return;
+			if (ctx->opts->lprocinfo) {
+				/* fetch process info */
+				if (proc_pid_for_addr(&ctx->lproc.pid,
+				        (struct sockaddr*)&ctx->lproc.srcaddr,
+				        ctx->lproc.srcaddrlen) == 0 &&
+				    ctx->lproc.pid != -1 &&
+				    proc_get_info(ctx->lproc.pid,
+				                  &ctx->lproc.exec_path,
+				                  &ctx->lproc.uid,
+				                  &ctx->lproc.gid) == 0) {
+					/* fetch user/group names */
+					ctx->lproc.user = sys_user_str(
+					                ctx->lproc.uid);
+					ctx->lproc.group = sys_group_str(
+					                ctx->lproc.gid);
+					if (!ctx->lproc.user ||
+					    !ctx->lproc.group) {
+						ctx->enomem = 1;
+						pxy_conn_terminate_free(ctx);
+						return;
+					}
+					log_dbg_printf("Local process "
+					               "%s %i %s:%s\n",
+					               ctx->lproc.exec_path,
+					               ctx->lproc.pid,
+					               ctx->lproc.user,
+					               ctx->lproc.group);
 				}
-				log_dbg_printf("Local process "
-				               "%s %i %s:%s\n",
-				               ctx->lproc.exec_path,
-				               ctx->lproc.pid,
-				               ctx->lproc.user,
-				               ctx->lproc.group);
 			}
 #endif /* HAVE_LOCAL_PROCINFO */
 		}
@ -2016,6 +2025,12 @@ pxy_conn_setup(evutil_socket_t fd,
 		ctx->src_str = sys_sockaddr_str(peeraddr, peeraddrlen);
 		if (!ctx->src_str)
 			goto memout;
+#ifdef HAVE_LOCAL_PROCINFO
+		if (ctx->opts->lprocinfo) {
+			memcpy(&ctx->lproc.srcaddr, peeraddr, peeraddrlen);
+			ctx->lproc.srcaddrlen = peeraddrlen;
+		}
+#endif /* HAVE_LOCAL_PROCINFO */
 	}

 	/* for SSL, defer dst connection setup to initial_readcb */