From e08f70987a918126a4a767938996a8613286daa4 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 16 Nov 2013 17:33:50 +0100 Subject: [PATCH] Added the --http-debug option to ocserv to avoid printing full HTTP messages to normal debug mode. --- doc/sample.config | 2 +- src/config.c | 3 +++ src/log.c | 14 ++++++++++++++ src/main.c | 2 +- src/ocserv-args.def | 6 ++++++ src/vpn.h | 3 +++ src/worker-auth.c | 2 +- src/worker-extras.c | 6 +++--- src/worker-vpn.c | 8 ++++---- 9 files changed, 36 insertions(+), 10 deletions(-) diff --git a/doc/sample.config b/doc/sample.config index c85e1b88..5deed8d9 100644 --- a/doc/sample.config +++ b/doc/sample.config @@ -132,7 +132,7 @@ socket-file = /var/run/ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). run-as-user = nobody -run-as-group = nogroup +run-as-group = nobody # Network settings diff --git a/src/config.c b/src/config.c index ce8aa384..75b34d28 100644 --- a/src/config.c +++ b/src/config.c @@ -475,6 +475,9 @@ int cmd_parser (int argc, char **argv, struct cfg_st* config) if (HAVE_OPT(TLS_DEBUG)) config->tls_debug = 1; + if (HAVE_OPT(HTTP_DEBUG)) + config->http_debug = 1; + if (HAVE_OPT(DEBUG)) config->debug = 1; diff --git a/src/log.c b/src/log.c index a623a93d..843ffe90 100644 --- a/src/log.c +++ b/src/log.c @@ -74,6 +74,13 @@ void __attribute__ ((format(printf, 3, 4))) if (priority == LOG_DEBUG && ws->config->debug == 0) return; + if (priority == LOG_HTTP_DEBUG) { + if (ws->config->http_debug == 0) + return; + else + priority = LOG_INFO; + } + ip = human_addr((void*)&ws->remote_addr, ws->remote_addr_len, ipbuf, sizeof(ipbuf)); 
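Review bot: The remapped priority is inconsistent between the two loggers patched in src/log.c: the branch in this hunk (the logger taking `ws`) turns LOG_HTTP_DEBUG into `LOG_INFO`, while the branch in the following hunk (the logger taking `s` and `proc`) turns it into `LOG_DEBUG`. With `--http-debug` set, worker-side HTTP lines, which per the worker-vpn.c hunk include every request header name and value, are therefore emitted at info level and will presumably be routed wherever the syslog configuration sends ordinary service messages. If that is not intended, use `priority = LOG_DEBUG;` in both branches, and in either case add a comment such as `/* pseudo-priority: remap before it reaches syslog() */` above each one. Both function bodies start and end outside their hunks, so whether `priority` is read anywhere before the remap cannot be checked from here.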
@@ -103,6 +110,13 @@ void __attribute__ ((format(printf, 4, 5))) if (priority == LOG_DEBUG && s->config->debug == 0) return; + if (priority == LOG_HTTP_DEBUG) { + if (s->config->http_debug == 0) + return; + else + priority = LOG_DEBUG; + } + if (proc) { ip = human_addr((void*)&proc->remote_addr, proc->remote_addr_len, ipbuf, sizeof(ipbuf)); diff --git a/src/main.c b/src/main.c index 48fa0cf4..daef78b9 100644 --- a/src/main.c +++ b/src/main.c @@ -691,7 +691,7 @@ int main(int argc, char** argv) flags = LOG_PID|LOG_NDELAY; #ifdef LOG_PERROR - if (config.debug != 0) + if (config.debug != 0 || config.http_debug != 0 || config.tls_debug != 0) flags |= LOG_PERROR; #endif openlog("ocserv", flags, LOG_DAEMON); diff --git a/src/ocserv-args.def b/src/ocserv-args.def index b73c63ad..c5fb388d 100644 --- a/src/ocserv-args.def +++ b/src/ocserv-args.def @@ -38,6 +38,12 @@ flag = { doc = ""; }; +flag = { + name = http-debug; + descrip = "Enable verbose HTTP debugging information"; + doc = ""; +}; + flag = { name = debug; value = d; diff --git a/src/vpn.h b/src/vpn.h index f53bd638..17ddb4db 100644 --- a/src/vpn.h +++ b/src/vpn.h @@ -73,6 +73,8 @@ extern int syslog_open; #define ERR_EXEC -10 #define ERR_WORKER_TERMINATED -11 +#define LOG_HTTP_DEBUG 2048 + typedef struct { struct htable ht; @@ -151,6 +153,7 @@ struct cfg_st { unsigned dpd; unsigned foreground; unsigned tls_debug; + unsigned http_debug; unsigned debug; unsigned max_clients; unsigned max_same_clients; diff --git a/src/worker-auth.c b/src/worker-auth.c index 92e00e33..e593b8a8 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -638,7 +638,7 @@ int read_user_pass(worker_st *ws, char* body, unsigned body_length, char** usern char *p; if (memmem(body, body_length, "testtest */ diff --git a/src/worker-extras.c b/src/worker-extras.c index 5f420e84..e8e534a0 100644 --- a/src/worker-extras.c +++ b/src/worker-extras.c 
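Review bot: The new `http-debug` flag leaves `doc = "";` empty, so the generated help and man page give an operator no hint about what ends up in the log. Going by the call sites changed in worker-vpn.c and worker-extras.c, the option logs request URLs and every header name and value, and the main.c hunk also mirrors log output to stderr where LOG_PERROR exists. I would fill it in with something like `doc = "Logs request URLs and all HTTP header names and values; these may contain session cookies or other secrets, so enable only while troubleshooting.";`.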
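Review bot: `#define LOG_HTTP_DEBUG 2048` in the first vpn.h hunk has no comment saying it is an internal pseudo-priority rather than a syslog level. The value lies outside syslog's priority and facility bits, so a logging path that forwards it unremapped would not behave like a debug message; as far as I know glibc masks the unknown bits off, which leaves priority 0 (LOG_EMERG). Suggested comment: `/* internal only: never pass to syslog(); the log.c wrappers remap it to a real priority */`. Any other code that hands `priority` to syslog() (none is visible in this patch) would need the same remap.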
@@ -47,7 +47,7 @@ int get_config_handler(worker_st *ws, unsigned http_ver) int ret; struct stat st; - oclog(ws, LOG_DEBUG, "requested config: %s", ws->req.url); + oclog(ws, LOG_HTTP_DEBUG, "requested config: %s", ws->req.url); if (ws->config->xml_config_file == NULL) { oclog(ws, LOG_INFO, "requested config but no config file is set"); tls_printf(ws->session, "HTTP/1.%u 404 Not found\r\n", http_ver); @@ -108,7 +108,7 @@ int ret; const char *data; int len; - oclog(ws, LOG_DEBUG, "requested fixed string: %s", ws->req.url); + oclog(ws, LOG_HTTP_DEBUG, "requested fixed string: %s", ws->req.url); if (!strcmp(ws->req.url, "/2/binaries/update.txt")) { data = VPN_VERSION; len = sizeof(VPN_VERSION)-1; @@ -158,7 +158,7 @@ int ret; const char *data; int len; - oclog(ws, LOG_DEBUG, "requested downloader: %s", ws->req.url); + oclog(ws, LOG_HTTP_DEBUG, "requested downloader: %s", ws->req.url); data = SH_SCRIPT; len = sizeof(SH_SCRIPT)-1; diff --git a/src/worker-vpn.c b/src/worker-vpn.c index 742a2b7b..b7042574 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -188,7 +188,7 @@ char * str; if (req->value.length <= 0) return; - oclog(ws, LOG_DEBUG, "HTTP: %.*s: %.*s", (int)req->header.length, req->header.data, + oclog(ws, LOG_HTTP_DEBUG, "HTTP: %.*s: %.*s", (int)req->header.length, req->header.data, (int)req->value.length, req->value.data); switch (req->next_header) { @@ -609,7 +609,7 @@ restart: } while(ws->req.headers_complete == 0); if (parser.method == HTTP_GET) { - oclog(ws, LOG_DEBUG, "HTTP GET %s", ws->req.url); + oclog(ws, LOG_HTTP_DEBUG, "HTTP GET %s", ws->req.url); fn = get_url_handler(ws->req.url); if (fn == NULL) { oclog(ws, LOG_INFO, "unexpected URL %s", ws->req.url); 
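Review bot: The header dump in the first worker-vpn.c hunk (`"HTTP: %.*s: %.*s"`) still writes every header value verbatim once `--http-debug` is on, and nothing at this call site skips headers that carry secrets. If cookie or authorization headers pass through this function (the `switch (req->next_header)` cases are outside the hunk), their values are copied into the log and, per the main.c hunk, to stderr. Consider logging only the header name for such headers, or at minimum add a comment like `/* logs raw header values, secrets included; must stay behind LOG_HTTP_DEBUG */`. The values are client-controlled bytes, so it is also worth confirming that the logger neutralises control characters before they reach stderr. The enclosing function starts and ends outside the hunk.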
@@ -622,7 +622,7 @@ restart: } else if (parser.method == HTTP_POST) { /* continue reading */ - oclog(ws, LOG_DEBUG, "HTTP POST %s", ws->req.url); + oclog(ws, LOG_HTTP_DEBUG, "HTTP POST %s", ws->req.url); while(ws->req.message_complete == 0) { nrecvd = tls_recv(session, buf, sizeof(buf)); GNUTLS_FATAL_ERR(nrecvd); @@ -646,7 +646,7 @@ restart: goto restart; } else if (parser.method == HTTP_CONNECT) { - oclog(ws, LOG_DEBUG, "HTTP CONNECT %s", ws->req.url); + oclog(ws, LOG_HTTP_DEBUG, "HTTP CONNECT %s", ws->req.url); ret = connect_handler(ws); if (ret == 0 && (parser.http_major != 1 || parser.http_minor != 0)) goto restart;