1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17/* 18 * Originally written @ Covalent by Jim Jagielski 19 */ 20 21/* 22 * mod_dumpio.c: 23 * Think of this as a filter sniffer for Apache 2.x. It logs 24 * all filter data right before and after it goes out on the 25 * wire (BUT right before SSL encoded or after SSL decoded). 26 * It can produce a *huge* amount of data. 27 */ 28 29 30#include "httpd.h" 31#include "http_connection.h" 32#include "http_config.h" 33#include "http_core.h" 34#include "http_log.h" 35#include "apr_strings.h" 36 37module AP_MODULE_DECLARE_DATA dumpio_module ; 38 39typedef struct dumpio_conf_t { 40 int enable_input; 41 int enable_output; 42} dumpio_conf_t; 43 44/* consider up to 80 additional characters, and factor the longest 45 * line length of all \xNN sequences; log_error cannot record more 46 * than MAX_STRING_LEN characters. 47 */ 48#define dumpio_MAX_STRING_LEN (MAX_STRING_LEN / 4 - 80) 49 50/* 51 * Workhorse function: simply log to the current error_log 52 * info about the data in the bucket as well as the data itself 53 */ 54static void dumpit(ap_filter_t *f, apr_bucket *b, dumpio_conf_t *ptr) 55{ 56 conn_rec *c = f->c; 57 58 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c, 59 "mod_dumpio: %s (%s-%s): %" APR_SIZE_T_FMT " bytes", 60 f->frec->name, 61 (APR_BUCKET_IS_METADATA(b)) ? "metadata" : "data", 62 b->type->name, 63 b->length) ; 64 65 if (!(APR_BUCKET_IS_METADATA(b))) 66 { 67#if APR_CHARSET_EBCDIC 68 char xlatebuf[dumpio_MAX_STRING_LEN + 1]; 69#endif 70 const char *buf; 71 apr_size_t nbytes; 72 apr_status_t rv = apr_bucket_read(b, &buf, &nbytes, APR_BLOCK_READ); 73 74 if (rv == APR_SUCCESS) 75 { 76 while (nbytes) 77 { 78 apr_size_t logbytes = nbytes; 79 if (logbytes > dumpio_MAX_STRING_LEN) 80 logbytes = dumpio_MAX_STRING_LEN; 81 nbytes -= logbytes; 82 83#if APR_CHARSET_EBCDIC 84 memcpy(xlatebuf, buf, logbytes); 85 ap_xlate_proto_from_ascii(xlatebuf, logbytes); 86 xlatebuf[logbytes] = '\0'; 87 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c, 88 "mod_dumpio: %s (%s-%s): %s", f->frec->name, 89 (APR_BUCKET_IS_METADATA(b)) ? "metadata" : "data", 90 b->type->name, xlatebuf); 91#else 92 /* XXX: Seriously flawed; we do not pay attention to embedded 93 * \0's in the request body, these should be escaped; however, 94 * the logging function already performs a significant amount 95 * of escaping, and so any escaping would be double-escaped. 96 * The coding solution is to throw away the current logic 97 * within ap_log_error, and introduce new vformatter %-escapes 98 * for escaping text, and for binary text (fixed len strings). 99 */ 100 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c, 101 "mod_dumpio: %s (%s-%s): %.*s", f->frec->name, 102 (APR_BUCKET_IS_METADATA(b)) ? "metadata" : "data", 103 b->type->name, (int)logbytes, buf); 104#endif 105 buf += logbytes; 106 } 107 } 108 else { 109 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, rv, c, 110 "mod_dumpio: %s (%s-%s): %s", f->frec->name, 111 (APR_BUCKET_IS_METADATA(b)) ? "metadata" : "data", 112 b->type->name, "error reading data"); 113 } 114 } 115} 116 117#define whichmode( mode ) \ 118 ( (( mode ) == AP_MODE_READBYTES) ? "readbytes" : \ 119 (( mode ) == AP_MODE_GETLINE) ? "getline" : \ 120 (( mode ) == AP_MODE_EATCRLF) ? "eatcrlf" : \ 121 (( mode ) == AP_MODE_SPECULATIVE) ? "speculative" : \ 122 (( mode ) == AP_MODE_EXHAUSTIVE) ? "exhaustive" : \ 123 (( mode ) == AP_MODE_INIT) ? "init" : "unknown" \ 124 ) 125 126static int dumpio_input_filter (ap_filter_t *f, apr_bucket_brigade *bb, 127 ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) 128{ 129 130 apr_bucket *b; 131 apr_status_t ret; 132 conn_rec *c = f->c; 133 dumpio_conf_t *ptr = f->ctx; 134 135 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c, 136 "mod_dumpio: %s [%s-%s] %" APR_OFF_T_FMT " readbytes", 137 f->frec->name, 138 whichmode(mode), 139 ((block) == APR_BLOCK_READ) ? "blocking" : "nonblocking", 140 readbytes); 141 142 ret = ap_get_brigade(f->next, bb, mode, block, readbytes); 143 144 if (ret == APR_SUCCESS) { 145 for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { 146 dumpit(f, b, ptr); 147 } 148 } 149 else { 150 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c, 151 "mod_dumpio: %s - %d", f->frec->name, ret) ; 152 return ret; 153 } 154 155 return APR_SUCCESS ; 156} 157 158static int dumpio_output_filter (ap_filter_t *f, apr_bucket_brigade *bb) 159{ 160 apr_bucket *b; 161 conn_rec *c = f->c; 162 dumpio_conf_t *ptr = f->ctx; 163 164 ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c, "mod_dumpio: %s", f->frec->name); 165 166 for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { 167 /* 168 * If we ever see an EOS, make sure to FLUSH. 169 */ 170 if (APR_BUCKET_IS_EOS(b)) { 171 apr_bucket *flush = apr_bucket_flush_create(f->c->bucket_alloc); 172 APR_BUCKET_INSERT_BEFORE(b, flush); 173 } 174 dumpit(f, b, ptr); 175 } 176 177 return ap_pass_brigade(f->next, bb) ; 178} 179 180static int dumpio_pre_conn(conn_rec *c, void *csd) 181{ 182 dumpio_conf_t *ptr; 183 184 ptr = (dumpio_conf_t *) ap_get_module_config(c->base_server->module_config, 185 &dumpio_module); 186 187 if (ptr->enable_input) 188 ap_add_input_filter("DUMPIO_IN", ptr, NULL, c); 189 if (ptr->enable_output) 190 ap_add_output_filter("DUMPIO_OUT", ptr, NULL, c); 191 return OK; 192} 193 194static void dumpio_register_hooks(apr_pool_t *p) 195{ 196/* 197 * We know that SSL is CONNECTION + 5 198 */ 199 ap_register_output_filter("DUMPIO_OUT", dumpio_output_filter, 200 NULL, AP_FTYPE_CONNECTION + 3) ; 201 202 ap_register_input_filter("DUMPIO_IN", dumpio_input_filter, 203 NULL, AP_FTYPE_CONNECTION + 3) ; 204 205 ap_hook_pre_connection(dumpio_pre_conn, NULL, NULL, APR_HOOK_MIDDLE); 206} 207 208static void *dumpio_create_sconfig(apr_pool_t *p, server_rec *s) 209{ 210 dumpio_conf_t *ptr = apr_pcalloc(p, sizeof *ptr); 211 ptr->enable_input = 0; 212 ptr->enable_output = 0; 213 return ptr; 214} 215 216static const char *dumpio_enable_input(cmd_parms *cmd, void *dummy, int arg) 217{ 218 dumpio_conf_t *ptr = ap_get_module_config(cmd->server->module_config, 219 &dumpio_module); 220 221 ptr->enable_input = arg; 222 return NULL; 223} 224 225static const char *dumpio_enable_output(cmd_parms *cmd, void *dummy, int arg) 226{ 227 dumpio_conf_t *ptr = ap_get_module_config(cmd->server->module_config, 228 &dumpio_module); 229 230 ptr->enable_output = arg; 231 return NULL; 232} 233 234static const command_rec dumpio_cmds[] = { 235 AP_INIT_FLAG("DumpIOInput", dumpio_enable_input, NULL, 236 RSRC_CONF, "Enable I/O Dump on Input Data"), 237 AP_INIT_FLAG("DumpIOOutput", dumpio_enable_output, NULL, 238 RSRC_CONF, "Enable I/O Dump on Output Data"), 239 { NULL } 240}; 241 242AP_DECLARE_MODULE(dumpio) = { 243 STANDARD20_MODULE_STUFF, 244 NULL, /* create per-dir config structures */ 245 NULL, /* merge per-dir config structures */ 246 dumpio_create_sconfig, /* create per-server config structures */ 247 NULL, /* merge per-server config structures */ 248 dumpio_cmds, /* table of config file commands */ 249 dumpio_register_hooks /* register hooks */ 250}; 251