
Commit 5fa8192

cmlucianoggreenway
authored andcommitted
access_log: log requested_server_name in tcp proxy (#4144)
* access_log: log requested_server_name Signed-off-by: Christopher M. Luciano <[email protected]>
1 parent fa45bb4 commit 5fa8192


13 files changed

+75
-0
lines changed


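--- a/docs/root/configuration/access_log.rst
+++ b/docs/root/configuration/access_log.rst
@@ -227,6 +227,12 @@ The following command operators are supported:
 TCP
 Not implemented ("-").
 
+%REQUESTED_SERVER_NAME%
+HTTP
+String value set on ssl connection socket for Server Name Indication (SNI)
+TCP
+String value set on ssl connection socket for Server Name Indication (SNI)
+
 .. _config_access_log_default_format:
 
 Default format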

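--- a/docs/root/intro/version_history.rst
+++ b/docs/root/intro/version_history.rst
@@ -6,6 +6,7 @@ Version history
 * access log: added :ref:`response flag filter <envoy_api_msg_config.filter.accesslog.v2.ResponseFlagFilter>`
 to filter based on the presence of Envoy response flags.
 * access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
+* access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http
 * admin: added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics
 through `Hystrix dashboard <https://github.com/Netflix-Skunkworks/hystrix-dashboard/wiki>`_.
 * grpc-json: added support for building HTTP response from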

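--- a/include/envoy/request_info/request_info.h
+++ b/include/envoy/request_info/request_info.h
@@ -303,6 +303,16 @@ class RequestInfo {
 * the same key overriding existing.
 */
 virtual void setDynamicMetadata(const std::string& name, const ProtobufWkt::Struct& value) PURE;
+
+/**
+* @param SNI value requested
+*/
+virtual void setRequestedServerName(const absl::string_view requested_server_name) PURE;
+
+/**
+* @return SNI value for downstream host
+*/
+virtual const std::string& requestedServerName() const PURE;
 };
 
 } // namespace RequestInfo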
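Review bot: The doc comment on `setRequestedServerName` reads `@param SNI value requested`, which gives Doxygen no parameter name, and neither new comment says where the value comes from. I would write `@param requested_server_name the SNI host name the downstream client sent in its TLS handshake`, and note on `requestedServerName()` that the string is client-supplied and appears to be empty when no SNI was presented, so callers treat it as untrusted input. The `const` on the by-value `absl::string_view` parameter has no effect in a declaration, and the override in request_info_impl.h omits it; dropping it here keeps the two signatures consistent. The class body starts outside this hunk.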

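--- a/source/common/access_log/access_log_formatter.cc
+++ b/source/common/access_log/access_log_formatter.cc
@@ -301,6 +301,14 @@ RequestInfoFormatter::RequestInfoFormatter(const std::string& field_name) {
 return RequestInfo::Utility::formatDownstreamAddressNoPort(
 *request_info.downstreamRemoteAddress());
 };
+} else if (field_name == "REQUESTED_SERVER_NAME") {
+field_extractor_ = [](const RequestInfo::RequestInfo& request_info) {
+if (!request_info.requestedServerName().empty()) {
+return request_info.requestedServerName();
+} else {
+return UnspecifiedValueString;
+}
+};
 } else {
 throw EnvoyException(fmt::format("Not supported field in RequestInfo: {}", field_name));
 }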
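Review bot: The new `REQUESTED_SERVER_NAME` extractor returns `request_info.requestedServerName()` verbatim, and that string comes from the client's TLS handshake, so its bytes reach the access log unless an earlier layer rejects them. Nothing visible in this commit validates or escapes the name; if the TLS layer does not already restrict it to host-name characters, a line break or field delimiter in the value could split or forge entries for whatever parses the log. I would validate the name where it is stored, or escape non-printable characters in this branch, and add a formatter test with such a name. The same applies to the two new debug `ENVOY_LOG` calls in tcp_proxy.cc and tls_inspector.cc, which print the name before the peer has been authenticated. The constructor's if/else chain starts outside this hunk.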

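--- a/source/common/http/conn_manager_impl.cc
+++ b/source/common/http/conn_manager_impl.cc
@@ -379,6 +379,8 @@ ConnectionManagerImpl::ActiveStream::ActiveStream(ConnectionManagerImpl& connect
 [this]() -> void { onIdleTimeout(); });
 resetIdleTimer();
 }
+request_info_.setRequestedServerName(
+connection_manager_.read_callbacks_->connection().requestedServerName());
 }
 
 ConnectionManagerImpl::ActiveStream::~ActiveStream() {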

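--- a/source/common/request_info/request_info_impl.h
+++ b/source/common/request_info/request_info_impl.h
@@ -178,6 +178,12 @@ struct RequestInfoImpl : public RequestInfo {
 (*metadata_.mutable_filter_metadata())[name].MergeFrom(value);
 };
 
+void setRequestedServerName(absl::string_view requested_server_name) override {
+requested_server_name_ = std::string(requested_server_name);
+}
+
+const std::string& requestedServerName() const override { return requested_server_name_; }
+
 const SystemTime start_time_;
 const MonotonicTime start_time_monotonic_;
 
@@ -204,6 +210,7 @@ struct RequestInfoImpl : public RequestInfo {
 Network::Address::InstanceConstSharedPtr upstream_local_address_;
 Network::Address::InstanceConstSharedPtr downstream_local_address_;
 Network::Address::InstanceConstSharedPtr downstream_remote_address_;
+std::string requested_server_name_;
 };
 
 } // namespace RequestInfo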

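--- a/source/common/tcp_proxy/tcp_proxy.cc
+++ b/source/common/tcp_proxy/tcp_proxy.cc
@@ -462,6 +462,10 @@ void Filter::onUpstreamEvent(Network::ConnectionEvent event) {
 Upstream::Outlier::Result::SUCCESS);
 onConnectionSuccess();
 
+getRequestInfo().setRequestedServerName(read_callbacks_->connection().requestedServerName());
+ENVOY_LOG(debug, "TCP:onUpstreamEvent(), requestedServerName: {}",
+getRequestInfo().requestedServerName());
+
 if (config_->idleTimeout()) {
 // The idle_timer_ can be moved to a Drainer, so related callbacks call into
 // the UpstreamCallbacks, which has the same lifetime as the timer, and can dispatch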
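Review bot: `setRequestedServerName` is called only after `onConnectionSuccess()`, apparently on the upstream-connected path, so a downstream connection whose upstream connect fails or times out would be logged with `-` even though the client presented an SNI. Those failed connections are often the ones an operator most needs to attribute. The name is known once the downstream connection is accepted, so I would record it where `read_callbacks_` first becomes available rather than in `onUpstreamEvent`. The debug line then only repeats what the access log records and could be dropped. `onUpstreamEvent` starts and ends outside this hunk, so the branch structure is inferred.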

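--- a/source/extensions/filters/listener/tls_inspector/tls_inspector.cc
+++ b/source/extensions/filters/listener/tls_inspector/tls_inspector.cc
@@ -123,6 +123,7 @@ void Filter::onServername(absl::string_view name) {
 if (!name.empty()) {
 config_->stats().sni_found_.inc();
 cb_->socket().setRequestedServerName(name);
+ENVOY_LOG(debug, "tls:onServerName(), requestedServerName: {}", name);
 } else {
 config_->stats().sni_not_found_.inc();
 }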

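--- a/test/common/access_log/access_log_formatter_test.cc
+++ b/test/common/access_log/access_log_formatter_test.cc
@@ -185,6 +185,22 @@ TEST(AccessLogFormatterTest, requestInfoFormatter) {
 RequestInfoFormatter upstream_format("DOWNSTREAM_REMOTE_ADDRESS");
 EXPECT_EQ("127.0.0.1:0", upstream_format.format(header, header, header, request_info));
 }
+
+{
+RequestInfoFormatter upstream_format("REQUESTED_SERVER_NAME");
+std::string requested_server_name = "stub_server";
+EXPECT_CALL(request_info, requestedServerName())
+.WillRepeatedly(ReturnRef(requested_server_name));
+EXPECT_EQ("stub_server", upstream_format.format(header, header, header, request_info));
+}
+
+{
+RequestInfoFormatter upstream_format("REQUESTED_SERVER_NAME");
+std::string requested_server_name;
+EXPECT_CALL(request_info, requestedServerName())
+.WillRepeatedly(ReturnRef(requested_server_name));
+EXPECT_EQ("-", upstream_format.format(header, header, header, request_info));
+}
 }
 
 TEST(AccessLogFormatterTest, requestHeaderFormatter) {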
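Review bot: Both new cases stub `requestedServerName()` on the mock, so they pin only the formatter and do not exercise the code in tcp_proxy.cc or conn_manager_impl.cc that copies the name from the connection. Unless the three changed files not shown on this page cover it, I would add a test asserting that the request info carries the connection's SNI after those paths run. The formatter variable is also still named `upstream_format` from the block above; `sni_format` would read better. The enclosing `TEST` body starts outside this hunk.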

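--- a/test/common/access_log/test_util.h
+++ b/test/common/access_log/test_util.h
@@ -156,6 +156,12 @@ class TestRequestInfo : public RequestInfo::RequestInfo {
 (*metadata_.mutable_filter_metadata())[name].MergeFrom(value);
 };
 
+void setRequestedServerName(const absl::string_view requested_server_name) override {
+requested_server_name_ = std::string(requested_server_name);
+}
+
+const std::string& requestedServerName() const override { return requested_server_name_; }
+
 SystemTime start_time_;
 MonotonicTime start_time_monotonic_;
 
@@ -178,6 +184,7 @@ class TestRequestInfo : public RequestInfo::RequestInfo {
 Network::Address::InstanceConstSharedPtr downstream_remote_address_;
 const Router::RouteEntry* route_entry_{};
 envoy::api::v2::core::Metadata metadata_{};
+std::string requested_server_name_;
 };
 
 } // namespace Envoy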
